Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report YBfn5E3Dlw.dll

Overview

General Information

Sample Name:YBfn5E3Dlw.dll
Analysis ID:553389
MD5:038f9a9d5b96733a9b3030cfbe4e4535
SHA1:3b8a4b81f0b06514188e4f935d5f4b0858b93806
SHA256:d46762ba155e3345baf5d9e9453e6cd8e0647438693abddf34f98ae8d6bd436a
Tags:32dllexe
Infos:

Most interesting Screenshot:

Detection

Emotet
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Suspicious Call by Ordinal
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
AV process strings found (often used to terminate AV products)
PE file contains an invalid checksum
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6800 cmdline: loaddll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
    • cmd.exe (PID: 6832 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6868 cmdline: rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 6972 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • rundll32.exe (PID: 6364 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Iqfwjbrvgdbzcukj\zdbnyk.tut",UUsSizCGlqQiDK MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
            • rundll32.exe (PID: 6468 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Iqfwjbrvgdbzcukj\zdbnyk.tut",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 6856 cmdline: regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
      • rundll32.exe (PID: 6952 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6916 cmdline: rundll32.exe C:\Users\user\Desktop\YBfn5E3Dlw.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • WerFault.exe (PID: 6472 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 524 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 7100 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 7160 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6800 -ip 6800 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 5964 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6864 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7160 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5892 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

Threatname: Emotet

{"C2 list": ["45.138.98.34:80", "69.16.218.101:8080", "51.210.242.234:8080", "185.148.168.220:8080", "142.4.219.173:8080", "54.38.242.185:443", "191.252.103.16:80", "104.131.62.48:8080", "62.171.178.147:8080", "217.182.143.207:443", "168.197.250.14:80", "37.44.244.177:8080", "66.42.57.149:443", "210.57.209.142:8080", "159.69.237.188:443", "116.124.128.206:8080", "128.199.192.135:8080", "195.154.146.35:443", "185.148.168.15:8080", "195.77.239.39:8080", "207.148.81.119:8080", "85.214.67.203:8080", "190.90.233.66:443", "78.46.73.125:443", "78.47.204.80:443", "37.59.209.141:8080", "54.37.228.122:443"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
    00000007.00000002.684457772.0000000004AC0000.00000040.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
      00000005.00000002.716858406.0000000000610000.00000040.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
        00000004.00000002.670220213.0000000002A40000.00000040.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
          0000000A.00000002.689034927.0000000000841000.00000020.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
            Click to see the 29 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.2.regsvr32.exe.4ad0000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
              7.2.rundll32.exe.2cc0000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                0.0.loaddll32.exe.2bb0000.4.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                  7.2.rundll32.exe.4bd0000.4.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                    10.2.rundll32.exe.840000.1.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                      Click to see the 46 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Suspicious Call by OrdinalShow sources
                      Source: Process startedAuthor: Florian Roth: Data: Command: rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1, CommandLine: rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6832, ProcessCommandLine: rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1, ProcessId: 6868

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 7.2.rundll32.exe.4d90000.8.raw.unpackMalware Configuration Extractor: Emotet {"C2 list": ["45.138.98.34:80", "69.16.218.101:8080", "51.210.242.234:8080", "185.148.168.220:8080", "142.4.219.173:8080", "54.38.242.185:443", "191.252.103.16:80", "104.131.62.48:8080", "62.171.178.147:8080", "217.182.143.207:443", "168.197.250.14:80", "37.44.244.177:8080", "66.42.57.149:443", "210.57.209.142:8080", "159.69.237.188:443", "116.124.128.206:8080", "128.199.192.135:8080", "195.154.146.35:443", "185.148.168.15:8080", "195.77.239.39:8080", "207.148.81.119:8080", "85.214.67.203:8080", "190.90.233.66:443", "78.46.73.125:443", "78.47.204.80:443", "37.59.209.141:8080", "54.37.228.122:443"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW"]}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: YBfn5E3Dlw.dllVirustotal: Detection: 13%Perma Link
                      Source: YBfn5E3Dlw.dllReversingLabs: Detection: 18%
                      Source: YBfn5E3Dlw.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: Binary string: ws2_32.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: winspool.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000000B.00000003.688037071.00000000050DB000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.703962042.00000000050CE000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000002.705358449.00000000050DB000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.687218418.00000000050D5000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.691856796.00000000050DB000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.704014313.00000000050D6000.00000004.00000001.sdmp
                      Source: Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.691902419.0000000005552000.00000004.00000040.sdmp
                      Source: Binary string: bcrypt.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: iphlpapi.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000B.00000003.691902419.0000000005552000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691959782.0000000005555000.00000004.00000040.sdmp
                      Source: Binary string: a>njrAnCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000B.00000002.704949290.0000000002FF2000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: wrpcrt4.pdbk source: WerFault.exe, 0000000B.00000003.691902419.0000000005552000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691959782.0000000005555000.00000004.00000040.sdmp
                      Source: Binary string: shcore.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: advapi32.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdbk source: WerFault.exe, 0000000B.00000003.691902419.0000000005552000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp

                      Networking:

                      barindex
                      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                      Source: TrafficSnort IDS: 2404332 ET CNC Feodo Tracker Reported CnC Server TCP group 17 192.168.2.4:49790 -> 45.138.98.34:80
                      Source: TrafficSnort IDS: 2404338 ET CNC Feodo Tracker Reported CnC Server TCP group 20 192.168.2.4:49791 -> 69.16.218.101:8080
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 69.16.218.101 144Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.138.98.34 80Jump to behavior
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorIPs: 45.138.98.34:80
                      Source: Malware configuration extractorIPs: 69.16.218.101:8080
                      Source: Malware configuration extractorIPs: 51.210.242.234:8080
                      Source: Malware configuration extractorIPs: 185.148.168.220:8080
                      Source: Malware configuration extractorIPs: 142.4.219.173:8080
                      Source: Malware configuration extractorIPs: 54.38.242.185:443
                      Source: Malware configuration extractorIPs: 191.252.103.16:80
                      Source: Malware configuration extractorIPs: 104.131.62.48:8080
                      Source: Malware configuration extractorIPs: 62.171.178.147:8080
                      Source: Malware configuration extractorIPs: 217.182.143.207:443
                      Source: Malware configuration extractorIPs: 168.197.250.14:80
                      Source: Malware configuration extractorIPs: 37.44.244.177:8080
                      Source: Malware configuration extractorIPs: 66.42.57.149:443
                      Source: Malware configuration extractorIPs: 210.57.209.142:8080
                      Source: Malware configuration extractorIPs: 159.69.237.188:443
                      Source: Malware configuration extractorIPs: 116.124.128.206:8080
                      Source: Malware configuration extractorIPs: 128.199.192.135:8080
                      Source: Malware configuration extractorIPs: 195.154.146.35:443
                      Source: Malware configuration extractorIPs: 185.148.168.15:8080
                      Source: Malware configuration extractorIPs: 195.77.239.39:8080
                      Source: Malware configuration extractorIPs: 207.148.81.119:8080
                      Source: Malware configuration extractorIPs: 85.214.67.203:8080
                      Source: Malware configuration extractorIPs: 190.90.233.66:443
                      Source: Malware configuration extractorIPs: 78.46.73.125:443
                      Source: Malware configuration extractorIPs: 78.47.204.80:443
                      Source: Malware configuration extractorIPs: 37.59.209.141:8080
                      Source: Malware configuration extractorIPs: 54.37.228.122:443
                      Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                      Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
                      Source: Joe Sandbox ViewIP Address: 207.148.81.119 207.148.81.119
                      Source: Joe Sandbox ViewIP Address: 104.131.62.48 104.131.62.48
                      Source: global trafficTCP traffic: 192.168.2.4:49753 -> 69.16.218.101:8080
                      Source: unknownNetwork traffic detected: IP country count 11
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.138.98.34
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.138.98.34
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.138.98.34
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: svchost.exe, 0000001A.00000003.890407164.0000023BFEF70000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","N equals www.facebook.com (Facebook)
                      Source: svchost.exe, 0000001A.00000003.890407164.0000023BFEF70000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","N equals www.twitter.com (Twitter)
                      Source: svchost.exe, 0000001A.00000003.890370423.0000023BFEF95000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-01-07T11:33:20.1626869Z||.||d5cdcec3-04df-404e-ba07-3240047c89f9||1152921505694348672||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
                      Source: svchost.exe, 0000001A.00000003.890370423.0000023BFEF95000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-01-07T11:33:20.1626869Z||.||d5cdcec3-04df-404e-ba07-3240047c89f9||1152921505694348672||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
                      Source: svchost.exe, 0000001A.00000003.890370423.0000023BFEF95000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","A equals www.facebook.com (Facebook)
                      Source: svchost.exe, 0000001A.00000003.890370423.0000023BFEF95000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","SkuTitle":"Spotify - Music and Podcasts","Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","A equals www.twitter.com (Twitter)
                      Source: svchost.exe, 0000001A.00000002.905359211.0000023BFEF0D000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: 77EC63BDA74BD0D0E0426DC8F80085060.12.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: svchost.exe, 0000001A.00000003.886654720.0000023BFEF6B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886573549.0000023BFEF7D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886627076.0000023BFEFBE000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886609755.0000023BFEFBD000.00000004.00000001.sdmpString found in binary or memory: http://help.disneyplus.com.
                      Source: svchost.exe, 0000001A.00000002.905217861.0000023BFE6EB000.00000004.00000001.sdmpString found in binary or memory: http://schemas.microft8
                      Source: Amcache.hve.11.drString found in binary or memory: http://upx.sf.net
                      Source: svchost.exe, 0000001A.00000003.886654720.0000023BFEF6B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886573549.0000023BFEF7D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886627076.0000023BFEFBE000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886609755.0000023BFEFBD000.00000004.00000001.sdmpString found in binary or memory: https://disneyplus.com/legal.
                      Source: svchost.exe, 0000001A.00000003.886654720.0000023BFEF6B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886573549.0000023BFEF7D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886627076.0000023BFEFBE000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886609755.0000023BFEFBD000.00000004.00000001.sdmpString found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
                      Source: svchost.exe, 0000001A.00000003.886654720.0000023BFEF6B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886573549.0000023BFEF7D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886627076.0000023BFEFBE000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886609755.0000023BFEFBD000.00000004.00000001.sdmpString found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
                      Source: svchost.exe, 0000001A.00000003.887579892.0000023BFF402000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.887557151.0000023BFEF6F000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.887524490.0000023BFEF84000.00000004.00000001.sdmpString found in binary or memory: https://www.tiktok.com/legal/report/feedback
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10001280 recvfrom,3_2_10001280
                      Source: loaddll32.exe, 00000000.00000000.679382784.0000000000F0B000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10027958 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,3_2_10027958
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10027958 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,4_2_10027958

                      E-Banking Fraud:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 3.2.regsvr32.exe.4ad0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.2cc0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2bb0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4bd0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.rundll32.exe.840000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d60000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2bb0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.4b90000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4700000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.2cc0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.rundll32.exe.810000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.rundll32.exe.810000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.2a40000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d90000.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.890000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.43d0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.47e0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.610000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4af0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.890000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.4ad0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4600000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.2a40000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d90000.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4810000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4dc0000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4840000.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4ac0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4c00000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.2cf0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d30000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4700000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.800000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4840000.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.610000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.50f0000.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4ac0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4870000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.50f0000.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5120000.11.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.47e0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2b80000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2bb0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2b80000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4730000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d30000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2b80000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2b80000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4bd0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2b80000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2b80000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684457772.0000000004AC0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.716858406.0000000000610000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.670220213.0000000002A40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.689034927.0000000000841000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.678575035.0000000002BB1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.669885789.0000000004AD0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.678495880.0000000002B80000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718684948.0000000004840000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684552558.0000000004BD0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718453341.0000000004731000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718808702.0000000004871000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684493493.0000000004AF1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718297944.0000000004601000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.706001315.0000000002B80000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684814749.0000000004D90000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718539427.00000000047E0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684705353.0000000004D30000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684619193.0000000004C01000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.685007219.00000000050F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684870034.0000000004DC1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718585654.0000000004811000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684022811.0000000002CF1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679958856.0000000002BB1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.669912238.0000000004B91000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.685051357.0000000005121000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.688964170.0000000000810000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.670284655.00000000043D1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.683997042.0000000002CC0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679880093.0000000002B80000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718382473.0000000004700000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684741919.0000000004D61000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.717062119.0000000000890000.00000040.00000001.sdmp, type: MEMORY

                      System Summary:

                      barindex
                      Source: YBfn5E3Dlw.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6800 -ip 6800
                      Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\SysWOW64\Iqfwjbrvgdbzcukj\zdbnyk.tut:Zone.IdentifierJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Bahdvmxzoittjzcu\Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCEFDD0_2_02BCEFDD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD46BD0_2_02BD46BD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC0EBC0_2_02BC0EBC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBC6B80_2_02BBC6B8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC0ABA0_2_02BC0ABA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBBAA90_2_02BBBAA9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC3EAA0_2_02BC3EAA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD36AA0_2_02BD36AA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCA2A50_2_02BCA2A5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB1CA10_2_02BB1CA1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCBEFD0_2_02BCBEFD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBF0E90_2_02BBF0E9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD00EF0_2_02BD00EF
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD3EE90_2_02BD3EE9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCE4E50_2_02BCE4E5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCCCD90_2_02BCCCD9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCD8DB0_2_02BCD8DB
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCCAD50_2_02BCCAD5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB80C00_2_02BB80C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB34310_2_02BB3431
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB86360_2_02BB8636
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBB8200_2_02BBB820
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC7A0F0_2_02BC7A0F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD20090_2_02BD2009
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC88060_2_02BC8806
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC9A010_2_02BC9A01
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB7E790_2_02BB7E79
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB70780_2_02BB7078
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC567B0_2_02BC567B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCA4740_2_02BCA474
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBA8710_2_02BBA871
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCDC710_2_02BCDC71
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBDE740_2_02BBDE74
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD0A640_2_02BD0A64
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC4A660_2_02BC4A66
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD32630_2_02BD3263
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC2E5D0_2_02BC2E5D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCB2570_2_02BCB257
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC42440_2_02BC4244
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB74420_2_02BB7442
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBE6400_2_02BBE640
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCF8400_2_02BCF840
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBA4450_2_02BBA445
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCD1BC0_2_02BCD1BC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD17BD0_2_02BD17BD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB57B80_2_02BB57B8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBBFBE0_2_02BBBFBE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC8FAE0_2_02BC8FAE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD07AA0_2_02BD07AA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB77A30_2_02BB77A3
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB21940_2_02BB2194
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBFB8E0_2_02BBFB8E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB238C0_2_02BB238C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC3D850_2_02BC3D85
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC0F860_2_02BC0F86
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC61870_2_02BC6187
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC85FF0_2_02BC85FF
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCE1F80_2_02BCE1F8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB55FF0_2_02BB55FF
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC27F90_2_02BC27F9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB4BFC0_2_02BB4BFC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC07F40_2_02BC07F4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC9DF50_2_02BC9DF5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC67E60_2_02BC67E6
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCFBDE0_2_02BCFBDE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBC5D80_2_02BBC5D8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBE7DE0_2_02BBE7DE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCC5D50_2_02BCC5D5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC8D3D0_2_02BC8D3D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB1F380_2_02BB1F38
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC53330_2_02BC5333
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC55150_2_02BC5515
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB670B0_2_02BB670B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD2B090_2_02BD2B09
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCAD080_2_02BCAD08
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBEF0C0_2_02BBEF0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB6B7A0_2_02BB6B7A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC57790_2_02BC5779
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC437A0_2_02BC437A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC017B0_2_02BC017B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC4F740_2_02BC4F74
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC97740_2_02BC9774
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBF3690_2_02BBF369
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCFF580_2_02BCFF58
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC7D5B0_2_02BC7D5B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BCE9550_2_02BCE955
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BD2D530_2_02BD2D53
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC654A0_2_02BC654A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBD14C0_2_02BBD14C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BC21420_2_02BC2142
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100291F63_2_100291F6
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002F3783_2_1002F378
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100403D73_2_100403D7
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1004250B3_2_1004250B
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100415573_2_10041557
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100395A13_2_100395A1
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002F7843_2_1002F784
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1004091B3_2_1004091B
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002EACF3_2_1002EACF
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002FBA43_2_1002FBA4
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10035D963_2_10035D96
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10040E5F3_2_10040E5F
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002EFA43_2_1002EFA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100291F64_2_100291F6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002F3784_2_1002F378
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100403D74_2_100403D7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1004250B4_2_1004250B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100415574_2_10041557
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100395A14_2_100395A1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002F7844_2_1002F784
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1004091B4_2_1004091B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002EACF4_2_1002EACF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002FBA44_2_1002FBA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10035D964_2_10035D96
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10040E5F4_2_10040E5F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002EFA44_2_1002EFA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008220095_2_00822009
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00817A0F5_2_00817A0F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008086365_2_00808636
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080A4455_2_0080A445
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00814A665_2_00814A66
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080DE745_2_0080DE74
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080C5D85_2_0080C5D8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081EFDD5_2_0081EFDD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081AD085_2_0081AD08
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080670B5_2_0080670B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008121425_2_00812142
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081654A5_2_0081654A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081FF585_2_0081FF58
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00801CA15_2_00801CA1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081A2A55_2_0081A2A5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008236AA5_2_008236AA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080BAA95_2_0080BAA9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00813EAA5_2_00813EAA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080C6B85_2_0080C6B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00810ABA5_2_00810ABA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00810EBC5_2_00810EBC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008246BD5_2_008246BD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008080C05_2_008080C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081CAD55_2_0081CAD5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081CCD95_2_0081CCD9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081D8DB5_2_0081D8DB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081E4E55_2_0081E4E5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080F0E95_2_0080F0E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00823EE95_2_00823EE9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008200EF5_2_008200EF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081BEFD5_2_0081BEFD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00819A015_2_00819A01
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008188065_2_00818806
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080B8205_2_0080B820
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008034315_2_00803431
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080E6405_2_0080E640
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081F8405_2_0081F840
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008074425_2_00807442
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008142445_2_00814244
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081B2575_2_0081B257
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00812E5D5_2_00812E5D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008232635_2_00823263
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00820A645_2_00820A64
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081DC715_2_0081DC71
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080A8715_2_0080A871
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081A4745_2_0081A474
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008070785_2_00807078
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00807E795_2_00807E79
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081567B5_2_0081567B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00813D855_2_00813D85
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008161875_2_00816187
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00810F865_2_00810F86
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080238C5_2_0080238C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080FB8E5_2_0080FB8E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008021945_2_00802194
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008077A35_2_008077A3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008207AA5_2_008207AA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00818FAE5_2_00818FAE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008057B85_2_008057B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081D1BC5_2_0081D1BC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080BFBE5_2_0080BFBE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008217BD5_2_008217BD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081C5D55_2_0081C5D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080E7DE5_2_0080E7DE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081FBDE5_2_0081FBDE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008167E65_2_008167E6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00819DF55_2_00819DF5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008107F45_2_008107F4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008127F95_2_008127F9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081E1F85_2_0081E1F8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00804BFC5_2_00804BFC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008185FF5_2_008185FF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008055FF5_2_008055FF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00822B095_2_00822B09
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080EF0C5_2_0080EF0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008155155_2_00815515
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008153335_2_00815333
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00801F385_2_00801F38
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00818D3D5_2_00818D3D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080D14C5_2_0080D14C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00822D535_2_00822D53
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081E9555_2_0081E955
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00817D5B5_2_00817D5B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080F3695_2_0080F369
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00814F745_2_00814F74
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008197745_2_00819774
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008157795_2_00815779
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00806B7A5_2_00806B7A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081017B5_2_0081017B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0081437A5_2_0081437A
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10030E38 appears 58 times
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10030535 appears 87 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10030E38 appears 58 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10030535 appears 87 times
                      Source: YBfn5E3Dlw.dllStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: YBfn5E3Dlw.dllVirustotal: Detection: 13%
                      Source: YBfn5E3Dlw.dllReversingLabs: Detection: 18%
                      Source: YBfn5E3Dlw.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll"
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dll
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\YBfn5E3Dlw.dll,DllRegisterServer
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6800 -ip 6800
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Iqfwjbrvgdbzcukj\zdbnyk.tut",UUsSizCGlqQiDK
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 524
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Iqfwjbrvgdbzcukj\zdbnyk.tut",DllRegisterServer
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\YBfn5E3Dlw.dll,DllRegisterServerJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServerJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServerJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Iqfwjbrvgdbzcukj\zdbnyk.tut",UUsSizCGlqQiDKJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6800 -ip 6800Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 524Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Iqfwjbrvgdbzcukj\zdbnyk.tut",DllRegisterServerJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER41BF.tmpJump to behavior
                      Source: classification engineClassification label: mal92.troj.evad.winDLL@27/10@0/27
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:7160:64:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6800
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10021183 LoadResource,LockResource,SizeofResource,3_2_10021183
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: Binary string: ws2_32.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: winspool.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000000B.00000003.688037071.00000000050DB000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.703962042.00000000050CE000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000002.705358449.00000000050DB000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.687218418.00000000050D5000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.691856796.00000000050DB000.00000004.00000001.sdmp, WerFault.exe, 0000000B.00000003.704014313.00000000050D6000.00000004.00000001.sdmp
                      Source: Binary string: sechost.pdb source: WerFault.exe, 0000000B.00000003.691902419.0000000005552000.00000004.00000040.sdmp
                      Source: Binary string: bcrypt.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: iphlpapi.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: propsys.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000B.00000003.691902419.0000000005552000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691959782.0000000005555000.00000004.00000040.sdmp
                      Source: Binary string: a>njrAnCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000B.00000002.704949290.0000000002FF2000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: wrpcrt4.pdbk source: WerFault.exe, 0000000B.00000003.691902419.0000000005552000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691959782.0000000005555000.00000004.00000040.sdmp
                      Source: Binary string: shcore.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: advapi32.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdbk source: WerFault.exe, 0000000B.00000003.691902419.0000000005552000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000000B.00000003.691953804.0000000005550000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000000B.00000003.691912494.0000000005558000.00000004.00000040.sdmp, WerFault.exe, 0000000B.00000003.691965559.0000000005558000.00000004.00000040.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000B.00000003.691895265.00000000053F1000.00000004.00000001.sdmp
                      Source: YBfn5E3Dlw.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: YBfn5E3Dlw.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: YBfn5E3Dlw.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: YBfn5E3Dlw.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: YBfn5E3Dlw.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BB1195 push cs; iretd 0_2_02BB1197
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003060D push ecx; ret 3_2_10030620
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10030E7D push ecx; ret 3_2_10030E90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1003060D push ecx; ret 4_2_10030620
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10030E7D push ecx; ret 4_2_10030E90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00801195 push cs; iretd 5_2_00801197
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003E278 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,3_2_1003E278
                      Source: YBfn5E3Dlw.dllStatic PE information: real checksum: 0x970bf should be: 0x9b999
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dll
                      Source: C:\Windows\SysWOW64\rundll32.exePE file moved: C:\Windows\SysWOW64\Iqfwjbrvgdbzcukj\zdbnyk.tutJump to behavior

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Bahdvmxzoittjzcu\mklcsjb.lgm:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Iqfwjbrvgdbzcukj\zdbnyk.tut:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100250A3 IsIconic,GetWindowPlacement,GetWindowRect,3_2_100250A3
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1001DFC0 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,3_2_1001DFC0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100250A3 IsIconic,GetWindowPlacement,GetWindowRect,4_2_100250A3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1001DFC0 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,4_2_1001DFC0
                      Source: C:\Windows\SysWOW64\WerFault.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 6896Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_3-21436
                      Source: C:\Windows\SysWOW64\rundll32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_4-21435
                      Source: C:\Windows\SysWOW64\regsvr32.exeAPI coverage: 4.8 %
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 5.2 %
                      Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-21137
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_4-21136
                      Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: svchost.exe, 0000001A.00000002.905228266.0000023BFE6F8000.00000004.00000001.sdmpBinary or memory string: @Hyper-V RAWP
                      Source: Amcache.hve.11.drBinary or memory string: VMware
                      Source: Amcache.hve.11.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: Amcache.hve.11.drBinary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.11.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.11.drBinary or memory string: VMware-42 35 9c fb 73 fa 4e 1b-fb a4 60 e7 7b e5 4a ed
                      Source: Amcache.hve.11.drBinary or memory string: VMware, Inc.
                      Source: Amcache.hve.11.drBinary or memory string: VMware Virtual disk SCSI Disk Devicehbin
                      Source: Amcache.hve.11.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.11.drBinary or memory string: VMware7,1
                      Source: Amcache.hve.11.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.11.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.11.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: svchost.exe, 0000001A.00000002.905217861.0000023BFE6EB000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000002.905142668.0000023BFE689000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: Amcache.hve.11.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.11.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.11.drBinary or memory string: VMware, Inc.me
                      Source: Amcache.hve.11.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.11.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002DB0D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_1002DB0D
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003E278 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,3_2_1003E278
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10002D40 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,3_2_10002D40
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBF7F7 mov eax, dword ptr fs:[00000030h]0_2_02BBF7F7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0080F7F7 mov eax, dword ptr fs:[00000030h]5_2_0080F7F7
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02BBC6B8 LdrInitializeThunk,0_2_02BBC6B8
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003A8D4 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_1003A8D4
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002DB0D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_1002DB0D
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10032CB9 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_10032CB9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1003A8D4 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_1003A8D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002DB0D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_1002DB0D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10032CB9 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_10032CB9

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 69.16.218.101 144Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.138.98.34 80Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6800 -ip 6800Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 524Jump to behavior
                      Source: loaddll32.exe, 00000000.00000000.678267285.0000000001650000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.679522311.0000000001650000.00000002.00020000.sdmpBinary or memory string: Program Manager
                      Source: loaddll32.exe, 00000000.00000000.678267285.0000000001650000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.679522311.0000000001650000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000000.678267285.0000000001650000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.679522311.0000000001650000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000000.678267285.0000000001650000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.679522311.0000000001650000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,3_2_1003E000
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,3_2_1003D098
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA,3_2_1002129B
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,3_2_1003D35E
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,3_2_1003850E
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,3_2_1003D7AE
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_1003C7D2
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_1003D8C5
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,3_2_1003D95D
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_1003D9D1
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,3_2_1003F9F4
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,3_2_1003EA86
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,3_2_1003EABA
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_1003DBA3
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_1003EBF9
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_1003DC64
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_1003DCCB
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,3_2_1003DD07
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,3_2_1003CE40
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,4_2_1003E000
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,4_2_1003D098
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA,4_2_1002129B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,4_2_1003D35E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,4_2_1003850E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,4_2_1003D7AE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,4_2_1003C7D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_1003D8C5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,4_2_1003D95D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_1003D9D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,4_2_1003F9F4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,4_2_1003EA86
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,4_2_1003EABA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_1003DBA3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_1003EBF9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_1003DC64
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_1003DCCB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,4_2_1003DD07
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,4_2_1003CE40
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003732F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_1003732F
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10024F01 _memset,GetVersionExA,3_2_10024F01
                      Source: Amcache.hve.11.drBinary or memory string: c:\program files\windows defender\msmpeng.exe

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 3.2.regsvr32.exe.4ad0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.2cc0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2bb0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4bd0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.rundll32.exe.840000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d60000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2bb0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.4b90000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4700000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.2cc0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.rundll32.exe.810000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 10.2.rundll32.exe.810000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.2a40000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d90000.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.890000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.43d0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.47e0000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.610000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4af0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.890000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.regsvr32.exe.4ad0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4600000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.2a40000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d90000.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4810000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4dc0000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4840000.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4ac0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4c00000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.2cf0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d30000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4700000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.800000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4840000.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.610000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.50f0000.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4ac0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4870000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.50f0000.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5120000.11.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.47e0000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2b80000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2bb0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2b80000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.4730000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4d30000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2b80000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2b80000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.4bd0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2b80000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2b80000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684457772.0000000004AC0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.716858406.0000000000610000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.670220213.0000000002A40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.689034927.0000000000841000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.678575035.0000000002BB1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.669885789.0000000004AD0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.678495880.0000000002B80000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718684948.0000000004840000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684552558.0000000004BD0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718453341.0000000004731000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718808702.0000000004871000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684493493.0000000004AF1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718297944.0000000004601000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.706001315.0000000002B80000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684814749.0000000004D90000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718539427.00000000047E0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684705353.0000000004D30000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684619193.0000000004C01000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.685007219.00000000050F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684870034.0000000004DC1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718585654.0000000004811000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684022811.0000000002CF1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679958856.0000000002BB1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.669912238.0000000004B91000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.685051357.0000000005121000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.688964170.0000000000810000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.670284655.00000000043D1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.683997042.0000000002CC0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679880093.0000000002B80000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.718382473.0000000004700000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684741919.0000000004D61000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.717062119.0000000000890000.00000040.00000001.sdmp, type: MEMORY
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10001160 WSAStartup,_memset,htonl,htons,socket,bind,setsockopt,3_2_10001160
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10001160 WSAStartup,_memset,htonl,htons,socket,bind,setsockopt,4_2_10001160

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsNative API2DLL Side-Loading1DLL Side-Loading1Deobfuscate/Decode Files or Information1Input Capture2System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection112Obfuscated Files or Information2LSASS MemoryFile and Directory Discovery1Remote Desktop ProtocolInput Capture2Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)DLL Side-Loading1Security Account ManagerSystem Information Discovery24SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)File Deletion1NTDSQuery Registry1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol1SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading2LSA SecretsSecurity Software Discovery41SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion2Cached Domain CredentialsVirtualization/Sandbox Evasion2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncProcess Discovery2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobHidden Files and Directories1Proc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Regsvr321/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                      Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Rundll321Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 553389 Sample: YBfn5E3Dlw.dll Startdate: 14/01/2022 Architecture: WINDOWS Score: 92 43 210.57.209.142 UNAIR-AS-IDUniversitasAirlanggaID Indonesia 2->43 45 85.214.67.203 STRATOSTRATOAGDE Germany 2->45 47 23 other IPs or domains 2->47 55 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->55 57 Found malware configuration 2->57 59 Multi AV Scanner detection for submitted file 2->59 61 3 other signatures 2->61 11 loaddll32.exe 1 2->11         started        13 svchost.exe 4 2->13         started        15 svchost.exe 1 2->15         started        17 3 other processes 2->17 signatures3 process4 process5 19 cmd.exe 1 11->19         started        21 rundll32.exe 2 11->21         started        24 regsvr32.exe 11->24         started        26 WerFault.exe 3 9 11->26         started        28 WerFault.exe 13->28         started        signatures6 30 rundll32.exe 19->30         started        63 Hides that the sample has been downloaded from the Internet (zone.identifier) 21->63 32 rundll32.exe 24->32         started        process7 process8 34 rundll32.exe 2 30->34         started        signatures9 53 Hides that the sample has been downloaded from the Internet (zone.identifier) 34->53 37 rundll32.exe 34->37         started        process10 process11 39 rundll32.exe 37->39         started        dnsIp12 49 45.138.98.34, 49744, 80 M247GB Germany 39->49 51 69.16.218.101, 49753, 8080 LIQUIDWEBUS United States 39->51 65 System process connects to network (likely due to code injection or exploit) 39->65 signatures13

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      YBfn5E3Dlw.dll14%VirustotalBrowse
                      YBfn5E3Dlw.dll19%ReversingLabs

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      10.2.rundll32.exe.810000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.4bd0000.4.unpack100%AviraHEUR/AGEN.1145233Download File
                      4.2.rundll32.exe.43d0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.2cc0000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      0.2.loaddll32.exe.2bb0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      5.2.rundll32.exe.890000.2.unpack100%AviraHEUR/AGEN.1145233Download File
                      3.2.regsvr32.exe.4ad0000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      4.2.rundll32.exe.2a40000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      0.0.loaddll32.exe.2bb0000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      10.2.rundll32.exe.840000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.4d60000.7.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      3.2.regsvr32.exe.4b90000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.4af0000.3.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      5.2.rundll32.exe.4600000.3.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      5.2.rundll32.exe.4810000.7.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.4d90000.8.unpack100%AviraHEUR/AGEN.1145233Download File
                      5.2.rundll32.exe.4840000.8.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.4ac0000.2.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.4dc0000.9.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.4c00000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.4d30000.6.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.2cf0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      5.2.rundll32.exe.4700000.4.unpack100%AviraHEUR/AGEN.1145233Download File
                      5.2.rundll32.exe.610000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      5.2.rundll32.exe.800000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      5.2.rundll32.exe.4870000.9.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.50f0000.10.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.5120000.11.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      0.0.loaddll32.exe.2bb0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      5.2.rundll32.exe.47e0000.6.unpack100%AviraHEUR/AGEN.1145233Download File
                      0.0.loaddll32.exe.2b80000.3.unpack100%AviraHEUR/AGEN.1145233Download File
                      0.2.loaddll32.exe.2b80000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      5.2.rundll32.exe.4730000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      0.0.loaddll32.exe.2b80000.0.unpack100%AviraHEUR/AGEN.1145233Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://www.disneyplus.com/legal/your-california-privacy-rights0%URL Reputationsafe
                      https://www.disneyplus.com/legal/privacy-policy0%URL Reputationsafe
                      https://www.tiktok.com/legal/report/feedback0%URL Reputationsafe
                      http://help.disneyplus.com.0%URL Reputationsafe
                      http://schemas.microft80%Avira URL Cloudsafe
                      https://disneyplus.com/legal.0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://www.disneyplus.com/legal/your-california-privacy-rightssvchost.exe, 0000001A.00000003.886654720.0000023BFEF6B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886573549.0000023BFEF7D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886627076.0000023BFEFBE000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886609755.0000023BFEFBD000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.disneyplus.com/legal/privacy-policysvchost.exe, 0000001A.00000003.886654720.0000023BFEF6B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886573549.0000023BFEF7D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886627076.0000023BFEFBE000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886609755.0000023BFEFBD000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://upx.sf.netAmcache.hve.11.drfalse
                        		high
                        https://www.tiktok.com/legal/report/feedbacksvchost.exe, 0000001A.00000003.887579892.0000023BFF402000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.887557151.0000023BFEF6F000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.887524490.0000023BFEF84000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://help.disneyplus.com.svchost.exe, 0000001A.00000003.886654720.0000023BFEF6B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886573549.0000023BFEF7D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886627076.0000023BFEFBE000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886609755.0000023BFEFBD000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://schemas.microft8svchost.exe, 0000001A.00000002.905217861.0000023BFE6EB000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        https://disneyplus.com/legal.svchost.exe, 0000001A.00000003.886654720.0000023BFEF6B000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886573549.0000023BFEF7D000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886627076.0000023BFEFBE000.00000004.00000001.sdmp, svchost.exe, 0000001A.00000003.886609755.0000023BFEFBD000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown

                        Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public

                        IPDomainCountryFlagASNASN NameMalicious
                        207.148.81.119
                        		unknownUnited States
                        		20473AS-CHOOPAUStrue
                        104.131.62.48
                        		unknownUnited States
                        		14061DIGITALOCEAN-ASNUStrue
                        85.214.67.203
                        		unknownGermany
                        		6724STRATOSTRATOAGDEtrue
                        191.252.103.16
                        		unknownBrazil
                        		27715LocawebServicosdeInternetSABRtrue
                        168.197.250.14
                        		unknownArgentina
                        		264776OmarAnselmoRipollTDCNETARtrue
                        66.42.57.149
                        		unknownUnited States
                        		20473AS-CHOOPAUStrue
                        185.148.168.15
                        		unknownGermany
                        		44780EVERSCALE-ASDEtrue
                        51.210.242.234
                        		unknownFrance
                        		16276OVHFRtrue
                        217.182.143.207
                        		unknownFrance
                        		16276OVHFRtrue
                        69.16.218.101
                        		unknownUnited States
                        		32244LIQUIDWEBUStrue
                        159.69.237.188
                        		unknownGermany
                        		24940HETZNER-ASDEtrue
                        45.138.98.34
                        		unknownGermany
                        		9009M247GBtrue
                        116.124.128.206
                        		unknownKorea Republic of
                        		9318SKB-ASSKBroadbandCoLtdKRtrue
                        78.46.73.125
                        		unknownGermany
                        		24940HETZNER-ASDEtrue
                        37.59.209.141
                        		unknownFrance
                        		16276OVHFRtrue
                        210.57.209.142
                        		unknownIndonesia
                        		38142UNAIR-AS-IDUniversitasAirlanggaIDtrue
                        185.148.168.220
                        		unknownGermany
                        		44780EVERSCALE-ASDEtrue
                        54.37.228.122
                        		unknownFrance
                        		16276OVHFRtrue
                        190.90.233.66
                        		unknownColombia
                        		18678INTERNEXASAESPCOtrue
                        142.4.219.173
                        		unknownCanada
                        		16276OVHFRtrue
                        54.38.242.185
                        		unknownFrance
                        		16276OVHFRtrue
                        195.154.146.35
                        		unknownFrance
                        		12876OnlineSASFRtrue
                        195.77.239.39
                        		unknownSpain
                        		60493FICOSA-ASEStrue
                        78.47.204.80
                        		unknownGermany
                        		24940HETZNER-ASDEtrue
                        37.44.244.177
                        		unknownGermany
                        		47583AS-HOSTINGERLTtrue
                        62.171.178.147
                        		unknownUnited Kingdom
                        		51167CONTABODEtrue
                        128.199.192.135
                        		unknownUnited Kingdom
                        		14061DIGITALOCEAN-ASNUStrue

                        General Information

                        Joe Sandbox Version:34.0.0 Boulder Opal
                        Analysis ID:553389
                        Start date:14.01.2022
                        Start time:20:04:34
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 11m 41s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:YBfn5E3Dlw.dll
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Run name:Run with higher sleep bypass
                        Number of analysed new started processes analysed:29
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal92.troj.evad.winDLL@27/10@0/27
                        EGA Information:
                        • Successful, ratio: 100%
                        HDC Information:
                        • Successful, ratio: 85.5% (good quality ratio 79.7%)
                        • Quality average: 70.7%
                        • Quality standard deviation: 27%
                        HCA Information:
                        • Successful, ratio: 75%
                        • Number of executed functions: 42
                        • Number of non-executed functions: 238
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        • Sleeps bigger than 120000ms are automatically reduced to 1000ms
                        • Found application associated with file extension: .dll
                        Warnings:
                        Show All
                        • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, wuapihost.exe
                        • Excluded IPs from analysis (whitelisted): 173.222.108.210, 173.222.108.226, 8.253.145.49, 8.238.85.126, 8.248.119.254, 8.248.147.254, 8.253.190.120, 20.54.110.249
                        • Excluded domains from analysis (whitelisted): www.bing.com, fg.download.windowsupdate.com.c.footprint.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, go.microsoft.com, ocsp.digicert.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, store-images.s-microsoft.com, clientconfig.passport.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                        • Not all processes where analyzed, report is missing behavior information
                        • Report creation exceeded maximum time and may have missing disassembly code information.
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        No simulations

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                        207.148.81.119MUm03X31dO.dllGet hashmaliciousBrowse
                          YBfn5E3Dlw.dllGet hashmaliciousBrowse
                            ALNgwfVtrB.dllGet hashmaliciousBrowse
                              PtBIxmYbK8.dllGet hashmaliciousBrowse
                                MUm03X31dO.dllGet hashmaliciousBrowse
                                  ALNgwfVtrB.dllGet hashmaliciousBrowse
                                    4NBdOVqTyL.dllGet hashmaliciousBrowse
                                      nIQCsrVbbw.dllGet hashmaliciousBrowse
                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                          nV5Wu77N8J.dllGet hashmaliciousBrowse
                                            nIQCsrVbbw.dllGet hashmaliciousBrowse
                                              hPJnda9rBy.dllGet hashmaliciousBrowse
                                                nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                  OZra.dllGet hashmaliciousBrowse
                                                    RQ6mxb6ssDtBoLUIE.dllGet hashmaliciousBrowse
                                                      EcJ8rbg.dllGet hashmaliciousBrowse
                                                        gyZm68Cgwf.dllGet hashmaliciousBrowse
                                                          5o8zdV3GU3.dllGet hashmaliciousBrowse
                                                            aoPHg7b78c.dllGet hashmaliciousBrowse
                                                              xxWrY2YG7s.dllGet hashmaliciousBrowse
                                                                104.131.62.48MUm03X31dO.dllGet hashmaliciousBrowse
                                                                  YBfn5E3Dlw.dllGet hashmaliciousBrowse
                                                                    ALNgwfVtrB.dllGet hashmaliciousBrowse
                                                                      PtBIxmYbK8.dllGet hashmaliciousBrowse
                                                                        MUm03X31dO.dllGet hashmaliciousBrowse
                                                                          ALNgwfVtrB.dllGet hashmaliciousBrowse
                                                                            4NBdOVqTyL.dllGet hashmaliciousBrowse
                                                                              nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                  nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                    nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                      hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                        nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                          OZra.dllGet hashmaliciousBrowse
                                                                                            RQ6mxb6ssDtBoLUIE.dllGet hashmaliciousBrowse
                                                                                              EcJ8rbg.dllGet hashmaliciousBrowse
                                                                                                gyZm68Cgwf.dllGet hashmaliciousBrowse
                                                                                                  5o8zdV3GU3.dllGet hashmaliciousBrowse
                                                                                                    aoPHg7b78c.dllGet hashmaliciousBrowse
                                                                                                      xxWrY2YG7s.dllGet hashmaliciousBrowse

                                                                                                        Domains

                                                                                                        No context

                                                                                                        ASN

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                        AS-CHOOPAUSMUm03X31dO.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        YBfn5E3Dlw.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        ALNgwfVtrB.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        PtBIxmYbK8.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        MUm03X31dO.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        ALNgwfVtrB.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        4NBdOVqTyL.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        xD2TnigEaY.exeGet hashmaliciousBrowse
                                                                                                        • 208.167.249.72
                                                                                                        nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        1nJGU59JPU.exeGet hashmaliciousBrowse
                                                                                                        • 136.244.117.138
                                                                                                        kGl1qp3Ox8.exeGet hashmaliciousBrowse
                                                                                                        • 149.28.78.238
                                                                                                        OZra.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        RQ6mxb6ssDtBoLUIE.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        EcJ8rbg.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        Comrpobante_60.vbsGet hashmaliciousBrowse
                                                                                                        • 149.248.50.230
                                                                                                        DIGITALOCEAN-ASNUSMUm03X31dO.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        YBfn5E3Dlw.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        ALNgwfVtrB.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        PtBIxmYbK8.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        MUm03X31dO.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        ALNgwfVtrB.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        4NBdOVqTyL.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        GNXG5XLBEH.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        vk8A1dXh5C.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        GahImDA8DA.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        prkVkqYIwv.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        OZra.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        RQ6mxb6ssDtBoLUIE.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        EcJ8rbg.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135

                                                                                                        JA3 Fingerprints

                                                                                                        No context

                                                                                                        Dropped Files

                                                                                                        No context

                                                                                                        Created / dropped Files

                                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_12a180e49793e381a8b848106c2e1caa7a6a4277_7cac0383_18322b37\Report.wer
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):65536
                                                                                                        Entropy (8bit):0.7984428121988548
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:Hjo4ESnYycy9haol7Jf0pXIQcQSc6mcEUcw3/s+a+z+HbHgpVG4rmMoVazWbSmEl:DfneHsieryjxq/u7sbS274ItW
                                                                                                        MD5:AF6374C79722A2CF9380F6C4B4C4AB51
                                                                                                        SHA1:9A7F43D08B72DA596846A7E927C2F1C3796F1040
                                                                                                        SHA-256:53F69AEA466098A2DC46C032D1275D9C0B52C593D409A338E391B1236008A214
                                                                                                        SHA-512:597817BDDB016DB078B0D1182E2CC07B06EE8B79DB955209A7C96D15FEBFEFD456D93B7AEBE4EA4494E3AFC626A686C0ECCE9CF00CE9D7DCD2BEF53426C1A2D7
                                                                                                        Malicious:false
                                                                                                        Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.6.6.6.0.7.4.1.9.6.3.6.1.8.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.5.c.a.6.2.e.b.-.6.6.4.5.-.4.1.4.4.-.8.7.6.1.-.5.4.e.9.b.0.8.4.d.1.e.4.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.9.8.9.0.7.8.0.-.1.a.4.9.-.4.e.7.b.-.b.3.0.5.-.0.2.e.a.3.a.f.9.b.4.e.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.o.a.d.d.l.l.3.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.9.0.-.0.0.0.1.-.0.0.1.b.-.b.a.a.a.-.7.c.b.2.7.9.0.9.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.l.o.a.d.d.l.l.3.2...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.1.2././.1.3.:.0.9.:.0.7.:.1.6.!.0.!.l.o.a.d.d.l.l.3.2...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER129F.tmp.dmp
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:Mini DuMP crash report, 15 streams, Fri Jan 14 19:05:43 2022, 0x1205a4 type
                                                                                                        Category:dropped
                                                                                                        Size (bytes):45656
                                                                                                        Entropy (8bit):2.0854323149487115
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:SPCC+9/fpO5ZNZZHPwbhG0HYtTT4fg4w/G7fTYU0+1aJEzi3jrCzYnKRP:LBxU5DZZvwHHYtTgg4w/GwVCaJEzaBE
                                                                                                        MD5:3FE3B2C264F8304A73949B433455CAB1
                                                                                                        SHA1:6995D596E543E3C8D76D796746E499863FCA4C41
                                                                                                        SHA-256:54B09469053A02950FD5206A8A2B7CCE1159F3D1503821959EF227C5C5F7C046
                                                                                                        SHA-512:2E30D62D899C9D99421829300E3BAB89F539A447F5312AA6B629D99785E020E34FDEC3D0072C02B5586032792B3CA1A4BB6F8471A4BB2877CA98766FBAC3819F
                                                                                                        Malicious:false
                                                                                                        Preview: MDMP....... ..........a....................................$...T............%..........`.......8...........T...............X...........x...........d....................................................................U...........B..............GenuineIntelW...........T...........y..a.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER19A4.tmp.WERInternalMetadata.xml
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):8350
                                                                                                        Entropy (8bit):3.698823860001135
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:Rrl7r3GLNiEF6yoZ6YrtSUW6rblgmfdSwG5+pBW89bxWsfPIbm:RrlsNi+6yoZ6YBSUW6rblgmfdSw5x1fB
                                                                                                        MD5:A8ADAB47C897BBF3E1B47910C1062337
                                                                                                        SHA1:4DE919C193AA90418E4595EB7A3475CFC3A69A22
                                                                                                        SHA-256:A74353D26F783234E2EDCDAC551574C367931B13448A0ACDD93E2D57D288BBF3
                                                                                                        SHA-512:86A48B308613F96694D5264A741781C289FBBE698CD0ACE25CDB89FE0E3B02218259AD07A6AEF04802FCDB2E66C7051CF998F27777F7A6DDA263B4323D0A5EA0
                                                                                                        Malicious:false
                                                                                                        Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.8.0.0.<./.P.i.d.>.......
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER1FEF.tmp.xml
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):4598
                                                                                                        Entropy (8bit):4.471654725288739
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cvIwSD8zsIJgtWI98yWSC8BT8fm8M4J2+SZFSsd+q84pzUgKcQIcQw0yd:uITfOPTSNSJQzdxUgKkw0yd
                                                                                                        MD5:EC0A6A581B3E20C0F618D1A049B99818
                                                                                                        SHA1:5213B2DE5AC5BAEBCAE286AB713BE17781A68087
                                                                                                        SHA-256:67B4FCCB9BAC2F4F595A5AA2D4EF1736224F0162D20DC0938D4349CBC7B91381
                                                                                                        SHA-512:9227BE123551BE7407441A47CB8F8200AC9461E67E79BB5CE4F5A04C89DBB14E2317BDF5565A3F13DEE3DEA1D3C1539ACB199A6BCFD03354D3D7FDF36F8E2973
                                                                                                        Malicious:false
                                                                                                        Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1342336" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER41BF.tmp.csv
                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):51860
                                                                                                        Entropy (8bit):3.042012562830765
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:3oHN0b2EyOg9/PTwSiheAKWcV1ljtugc2t45Nfs17C:3oHN0bsOg9/PTwSiHgV1ljtugB6DsRC
                                                                                                        MD5:4FB88AB4D6C49857EEEBBA60C0E77698
                                                                                                        SHA1:2C9FCD746C517FFBB55BD87EC6A702B2D5935C71
                                                                                                        SHA-256:6D8590DEF8C4C5E5EFC5601456E6B1ABF695AFA98DE960294D4700FAAA21CCEE
                                                                                                        SHA-512:24607FB36647828FEB5FAEC485AEA418DF6CD1F2CB016F3ABC3247015F4D8D3EC0F13E72C30E833461D5BDB0E94264E830E576A5B7B508CA2129BA608254248A
                                                                                                        Malicious:false
                                                                                                        Preview: I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER4867.tmp.txt
                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):13340
                                                                                                        Entropy (8bit):2.6942239809629727
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:9GiZYWhlhP2r8MYRYHW2UbPHEUYEZu0Ktk0iKMNe0UxwpMYeauJQzhSeIOV3:9jZDh820909beauJWhSpOV3
                                                                                                        MD5:E84C5FA82A411894D88E21777F618774
                                                                                                        SHA1:5B9DD421F204412C5F4D54C6905CC67BB7C42238
                                                                                                        SHA-256:67A9E0A270BD8E440A13605BCB1692532DDD44AEBDE6E4E191B964A6FDD443F2
                                                                                                        SHA-512:F967CD46AE331644A1D07E740D1B20CE4800781672A0FCB908CB2E8A7DB88FC450CD2F631F5738A61F680EB77E4A0CA92F3045B0B0428A092C5DBC73126F55E9
                                                                                                        Malicious:false
                                                                                                        Preview: B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        File Type:Microsoft Cabinet archive data, 61414 bytes, 1 file
                                                                                                        Category:dropped
                                                                                                        Size (bytes):61414
                                                                                                        Entropy (8bit):7.995245868798237
                                                                                                        Encrypted:true
                                                                                                        SSDEEP:1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
                                                                                                        MD5:ACAEDA60C79C6BCAC925EEB3653F45E0
                                                                                                        SHA1:2AAAE490BCDACCC6172240FF1697753B37AC5578
                                                                                                        SHA-256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
                                                                                                        SHA-512:FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
                                                                                                        Malicious:false
                                                                                                        Preview: MSCF............,...................I.......;w........RSNj .authroot.stl..>.(.5..CK..8T....c_.d...A.K...+.d.H..*i.RJJ.IQIR..$t)Kd.-[..T\{..ne......<.w......A..B........c...wi......D....c.0D,L........fy....Rg...=........i,3.3..Z....~^ve<...TF.*...f.zy.,...m.@.0.0...m.3..I(..+..v#...(.2....e...L..*y..V.......~U...."<ke.....l.X:Dt..R<7.5\A7L0=..T.V...IDr..8<....r&...I-.^..b.b.".Af....E.._..r.>.`;,.Hob..S.....7'..\.R$.".g..+..64..@nP.....k3...B.`.G..@D.....L.....`^...#OpW.....!....`.....rf:.}.R.@....gR.#7....l..H.#...d.Qh..3..fCX....==#..M.l..~&....[.J9.\..Ww.....Tx.%....]..a4E...q.+...#.*a..x..O..V.t..Y1!.T..`U...-...< _@...|(.....0..3.`.LU...E0.Gu.4KN....5...?.....I.p..'..........N<.d.O..dH@c1t...[w/...T....cYK.X>.0..Z.....O>..9.3.#9X.%.b...5.YK.E.V.....`./.3.._..nN]..=..M.o.F.._..z....._...gY..!Z..?l....vp.l.:.d.Z..W.....~...N.._.k...&.....$......i.F.d.....D!e.....Y..,.E..m.;.1... $.F..O.F.o_}.uG....,.%.>,.Zx.......o....c../.;....g&.....
                                                                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        File Type:data
                                                                                                        Category:modified
                                                                                                        Size (bytes):328
                                                                                                        Entropy (8bit):3.1145631655870156
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:kK3kk8SN+SkQlPlEGYRMY9z+4KlDA3RUeYlUmlUR/t:/k9kPlE99SNxAhUeYlUSA/t
                                                                                                        MD5:CA008EF1B8E2DE7E98ED7A1336C3D3A3
                                                                                                        SHA1:0F7D65259F405435698B660F6419239575CFC176
                                                                                                        SHA-256:F1A34F2E83D63946250B8FBF14C551782DC28AD1C0472E5A9973F622594E32E7
                                                                                                        SHA-512:FE8DFD52DD006E99BC2B309870CAECBA52E4F11BD218800F5822CB6EF0C50D6FDDCCD0C1F01FD06B179F923FD35FB1AC248347514639DB8B18F0DD9B99018DC7
                                                                                                        Malicious:false
                                                                                                        Preview: p...... ........H1,.y...(....................................................... ........q.\].......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.7.1.e.1.5.c.5.d.c.4.d.7.1.:.0."...
                                                                                                        C:\Windows\appcompat\Programs\Amcache.hve
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1572864
                                                                                                        Entropy (8bit):4.235452092194344
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:WFc2FvR3tvpZTvti4u9hkJvDINQbBVM0PK7yvLYLSyvLMYPP:Uc2FvR3tvpNvtiBuI
                                                                                                        MD5:72EC5A47D1DBF26EB12FEF72CA06B676
                                                                                                        SHA1:D3996D42D6B1CD27C1A62F4CA177EC734227D7D5
                                                                                                        SHA-256:88411E965C5EE94CB60E94E926BE1DB44354CDB2075FC511ABD26AFDF0107B9F
                                                                                                        SHA-512:CFEFA028DE84DC99006515023A76BD4747623F6758ABD6FB918951A4D57A1371477CE4EEBF02008B84E2194AF28C56BDF1872D433F0569BC78AACD6286DC9C6C
                                                                                                        Malicious:false
                                                                                                        Preview: regfH...H...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm..y................................................................................................................................................................................................................................................................................................................................................T..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        C:\Windows\appcompat\Programs\Amcache.hve.LOG1
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                        Category:dropped
                                                                                                        Size (bytes):16384
                                                                                                        Entropy (8bit):3.7179411956841015
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:A4Q5K5Jcv4KgnVVeeDzeMu1NKZtjEuT8GRFwcnN:rmKKg/eeDzeMANYtjE7GRFwc
                                                                                                        MD5:157B54979D0E9779EFD65FC00E913031
                                                                                                        SHA1:6F1FE6FC20C63B69F90C06E0736692F39F81FE4F
                                                                                                        SHA-256:D845E5587E7005A46521CBB260846E62FC450584B520A6D20A559FBB846E96E3
                                                                                                        SHA-512:E27765C60F04141E237BBE0F55F41DCD6EC395C004269D5CCF8B6A131777C8BB2457D902FF6B831D02D64EEB5360CF00769DAF3041F9C03D1F71C7F44C23B496
                                                                                                        Malicious:false
                                                                                                        Preview: regfG...G...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm..y................................................................................................................................................................................................................................................................................................................................................T..HvLE.>......G...........Wu.{SQ:...KA............................hbin................p.\..,..........nk,.A...y....... ........................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk .A...y....... ........................... .......Z.......................Root........lf......Root....nk .A...y................................... ...............*...............DeviceCensus.......................vk..................WritePermissionsCheck.......p...

                                                                                                        Static File Info

                                                                                                        General

                                                                                                        File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                        Entropy (8bit):6.767616444278102
                                                                                                        TrID:
                                                                                                        • Win32 Dynamic Link Library (generic) (1002004/3) 98.32%
                                                                                                        • Windows Screen Saver (13104/52) 1.29%
                                                                                                        • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                        • DOS Executable Generic (2002/1) 0.20%
                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                        File name:YBfn5E3Dlw.dll
                                                                                                        File size:588288
                                                                                                        MD5:038f9a9d5b96733a9b3030cfbe4e4535
                                                                                                        SHA1:3b8a4b81f0b06514188e4f935d5f4b0858b93806
                                                                                                        SHA256:d46762ba155e3345baf5d9e9453e6cd8e0647438693abddf34f98ae8d6bd436a
                                                                                                        SHA512:3f9aea01963c0d9daa7739277fea7af2b3fe86c41a211fb73b2a35e9506856da91bc334a7c4e63ae83094fe696a8b45e8e5050240a1545e5f891fa4c22512671
                                                                                                        SSDEEP:6144:cNU5LwA22222GgngDrDRVyYli/ci2tEGW78ODQiERtvOSk5DKXOW14IkFxVFgY4E:x5w7YM/cYVV7EWOpOJyvnHtytFyQ
                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m.......................................^F......^P.n....^W.t....^Y......^A......^G......^B.....Rich....................PE..L..

                                                                                                        File Icon

                                                                                                        Icon Hash:71b018ccc6577131

                                                                                                        Static PE Info

                                                                                                        General

                                                                                                        Entrypoint:0x1002eaac
                                                                                                        Entrypoint Section:.text
                                                                                                        Digitally signed:false
                                                                                                        Imagebase:0x10000000
                                                                                                        Subsystem:windows gui
                                                                                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                                                                                                        DLL Characteristics:
                                                                                                        Time Stamp:0x61E03DE6 [Thu Jan 13 14:57:42 2022 UTC]
                                                                                                        TLS Callbacks:
                                                                                                        CLR (.Net) Version:
                                                                                                        OS Version Major:5
                                                                                                        OS Version Minor:0
                                                                                                        File Version Major:5
                                                                                                        File Version Minor:0
                                                                                                        Subsystem Version Major:5
                                                                                                        Subsystem Version Minor:0
                                                                                                        Import Hash:7f57698bb210fa88a6b01b1feaf20957

                                                                                                        Entrypoint Preview

                                                                                                        Instruction
                                                                                                        mov edi, edi
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        cmp dword ptr [ebp+0Ch], 01h
                                                                                                        jne 00007F112058DB87h
                                                                                                        call 00007F11205963F8h
                                                                                                        push dword ptr [ebp+08h]
                                                                                                        mov ecx, dword ptr [ebp+10h]
                                                                                                        mov edx, dword ptr [ebp+0Ch]
                                                                                                        call 00007F112058DA71h
                                                                                                        pop ecx
                                                                                                        pop ebp
                                                                                                        retn 000Ch
                                                                                                        mov edi, edi
                                                                                                        push ebp
                                                                                                        mov ebp, esp
                                                                                                        push esi
                                                                                                        push edi
                                                                                                        mov edi, dword ptr [ebp+10h]
                                                                                                        mov eax, edi
                                                                                                        sub eax, 00000000h
                                                                                                        je 00007F112058F16Bh
                                                                                                        dec eax
                                                                                                        je 00007F112058F153h
                                                                                                        dec eax
                                                                                                        je 00007F112058F11Eh
                                                                                                        dec eax
                                                                                                        je 00007F112058F0CFh
                                                                                                        dec eax
                                                                                                        je 00007F112058F03Fh
                                                                                                        mov ecx, dword ptr [ebp+0Ch]
                                                                                                        mov eax, dword ptr [ebp+08h]
                                                                                                        push ebx
                                                                                                        push 00000020h
                                                                                                        pop edx
                                                                                                        jmp 00007F112058DFF7h
                                                                                                        mov esi, dword ptr [eax]
                                                                                                        cmp esi, dword ptr [ecx]
                                                                                                        je 00007F112058DBFEh
                                                                                                        movzx esi, byte ptr [eax]
                                                                                                        movzx ebx, byte ptr [ecx]
                                                                                                        sub esi, ebx
                                                                                                        je 00007F112058DB97h
                                                                                                        xor ebx, ebx
                                                                                                        test esi, esi
                                                                                                        setnle bl
                                                                                                        lea ebx, dword ptr [ebx+ebx-01h]
                                                                                                        mov esi, ebx
                                                                                                        test esi, esi
                                                                                                        jne 00007F112058DFEFh
                                                                                                        movzx esi, byte ptr [eax+01h]
                                                                                                        movzx ebx, byte ptr [ecx+01h]
                                                                                                        sub esi, ebx
                                                                                                        je 00007F112058DB97h
                                                                                                        xor ebx, ebx
                                                                                                        test esi, esi
                                                                                                        setnle bl
                                                                                                        lea ebx, dword ptr [ebx+ebx-01h]
                                                                                                        mov esi, ebx
                                                                                                        test esi, esi
                                                                                                        jne 00007F112058DFCEh
                                                                                                        movzx esi, byte ptr [eax+02h]
                                                                                                        movzx ebx, byte ptr [ecx+02h]
                                                                                                        sub esi, ebx
                                                                                                        je 00007F112058DB97h
                                                                                                        xor ebx, ebx
                                                                                                        test esi, esi
                                                                                                        setnle bl
                                                                                                        lea ebx, dword ptr [ebx+ebx-01h]
                                                                                                        mov esi, ebx
                                                                                                        test esi, esi
                                                                                                        jne 00007F112058DFADh

                                                                                                        Rich Headers

                                                                                                        Programming Language:
                                                                                                        • [ C ] VS2008 build 21022
                                                                                                        • [LNK] VS2008 build 21022
                                                                                                        • [ C ] VS2005 build 50727
                                                                                                        • [ASM] VS2008 build 21022
                                                                                                        • [IMP] VS2005 build 50727
                                                                                                        • [RES] VS2008 build 21022
                                                                                                        • [EXP] VS2008 build 21022
                                                                                                        • [C++] VS2008 build 21022

                                                                                                        Data Directories

                                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x50bc00x50.rdata
                                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x4f5380xb4.rdata
                                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x890000x3410.rsrc
                                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x8d0000x415c.reloc
                                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x4bd000x40.rdata
                                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x470000x454.rdata
                                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x4f4b00x40.rdata
                                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                        Sections

                                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                        .text0x10000x45bb90x45c00False0.379756804435data6.37093799262IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                                        .rdata0x470000x9c100x9e00False0.357421875data5.22224282466IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                        .data0x510000x3735c0x33800False0.741035535498data6.11335979295IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                                        .rsrc0x890000x34100x3600False0.306640625data4.34913645958IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                        .reloc0x8d0000x8c340x8e00False0.346308318662data4.00973830682IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                        Resources

                                                                                                        NameRVASizeTypeLanguageCountry
                                                                                                        RT_CURSOR0x89ac00x134dataChineseChina
                                                                                                        RT_CURSOR0x89bf40xb4dataChineseChina
                                                                                                        RT_CURSOR0x89ca80x134AmigaOS bitmap fontChineseChina
                                                                                                        RT_CURSOR0x89ddc0x134dataChineseChina
                                                                                                        RT_CURSOR0x89f100x134dataChineseChina
                                                                                                        RT_CURSOR0x8a0440x134dataChineseChina
                                                                                                        RT_CURSOR0x8a1780x134dataChineseChina
                                                                                                        RT_CURSOR0x8a2ac0x134dataChineseChina
                                                                                                        RT_CURSOR0x8a3e00x134dataChineseChina
                                                                                                        RT_CURSOR0x8a5140x134dataChineseChina
                                                                                                        RT_CURSOR0x8a6480x134dataChineseChina
                                                                                                        RT_CURSOR0x8a77c0x134dataChineseChina
                                                                                                        RT_CURSOR0x8a8b00x134AmigaOS bitmap fontChineseChina
                                                                                                        RT_CURSOR0x8a9e40x134dataChineseChina
                                                                                                        RT_CURSOR0x8ab180x134dataChineseChina
                                                                                                        RT_CURSOR0x8ac4c0x134dataChineseChina
                                                                                                        RT_BITMAP0x8ad800xb8dataChineseChina
                                                                                                        RT_BITMAP0x8ae380x144dataChineseChina
                                                                                                        RT_ICON0x8af7c0x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 67108992, next used block 3293332676ChineseChina
                                                                                                        RT_ICON0x8b2640x128GLS_BINARY_LSB_FIRSTChineseChina
                                                                                                        RT_DIALOG0x8b38c0x33cdataChineseChina
                                                                                                        RT_DIALOG0x8b6c80xe2dataChineseChina
                                                                                                        RT_DIALOG0x8b7ac0x34dataChineseChina
                                                                                                        RT_STRING0x8b7e00x4edataChineseChina
                                                                                                        RT_STRING0x8b8300x2cdataChineseChina
                                                                                                        RT_STRING0x8b85c0x82dataChineseChina
                                                                                                        RT_STRING0x8b8e00x1d6dataChineseChina
                                                                                                        RT_STRING0x8bab80x160dataChineseChina
                                                                                                        RT_STRING0x8bc180x12edataChineseChina
                                                                                                        RT_STRING0x8bd480x50dataChineseChina
                                                                                                        RT_STRING0x8bd980x44dataChineseChina
                                                                                                        RT_STRING0x8bddc0x68dataChineseChina
                                                                                                        RT_STRING0x8be440x1b8dataChineseChina
                                                                                                        RT_STRING0x8bffc0x104dataChineseChina
                                                                                                        RT_STRING0x8c1000x24dataChineseChina
                                                                                                        RT_STRING0x8c1240x30dataChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c1540x22Lotus unknown worksheet or configuration, revision 0x2ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c1780x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c18c0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c1a00x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c1b40x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c1c80x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c1dc0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c1f00x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c2040x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c2180x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c22c0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c2400x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c2540x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c2680x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_CURSOR0x8c27c0x14Lotus unknown worksheet or configuration, revision 0x1ChineseChina
                                                                                                        RT_GROUP_ICON0x8c2900x22dataChineseChina
                                                                                                        RT_MANIFEST0x8c2b40x15aASCII text, with CRLF line terminatorsEnglishUnited States

                                                                                                        Imports

                                                                                                        DLLImport
                                                                                                        KERNEL32.dllGetOEMCP, GetCommandLineA, RtlUnwind, ExitProcess, HeapReAlloc, RaiseException, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetACP, IsValidCodePage, LCMapStringA, LCMapStringW, HeapCreate, HeapDestroy, GetStdHandle, GetCPInfo, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetConsoleCP, GetConsoleMode, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, GetLocaleInfoW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetModuleHandleW, CreateFileA, GetCurrentProcess, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, InterlockedIncrement, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, LocalAlloc, WritePrivateProfileStringA, GlobalFlags, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, GetVersionExA, FormatMessageA, LocalFree, lstrlenA, InterlockedDecrement, MulDiv, MultiByteToWideChar, GlobalUnlock, GlobalFree, FreeResource, GlobalAddAtomA, GetCurrentProcessId, GetLastError, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, EnumResourceLanguagesA, GetModuleFileNameA, GetLocaleInfoA, WideCharToMultiByte, CompareStringA, FindResourceA, LoadResource, LockResource, SizeofResource, InterlockedExchange, GlobalLock, lstrcmpA, GlobalAlloc, GetModuleHandleA, CreateThread, CloseHandle, VirtualProtect, LoadLibraryA, VirtualAlloc, GetProcAddress, SetLastError, Sleep, IsBadReadPtr, GetProcessHeap, VirtualFree, HeapFree, HeapAlloc, FreeLibrary, VirtualQuery, SetHandleCount, GetNativeSystemInfo
                                                                                                        USER32.dllLoadCursorA, GetSysColorBrush, SetWindowTextA, IsDialogMessageA, SetDlgItemTextA, GetDlgItemTextA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, GetForegroundWindow, GetTopWindow, GetMessageTime, GetMessagePos, MapWindowPoints, SetMenu, SetForegroundWindow, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetMenuItemID, GetMenuItemCount, GetSubMenu, UnhookWindowsHookEx, GetSysColor, EndPaint, BeginPaint, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, GetWindowTextLengthA, GetWindowTextA, GetWindow, SetFocus, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, SetWindowsHookExA, CallNextHookEx, GetMessageA, DestroyMenu, UpdateWindow, TranslateMessage, DispatchMessageA, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, MessageBoxA, SetCursor, PostQuitMessage, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, GetParent, ModifyMenuA, GetMenuState, EnableMenuItem, CheckMenuItem, SetTimer, IsIconic, KillTimer, LoadIconA, DrawIcon, GetClientRect, SendMessageA, ShowWindow, PostMessageA, GetSystemMetrics, EnableWindow, GetMenu
                                                                                                        GDI32.dllGetStockObject, SelectObject, GetDeviceCaps, DeleteDC, Escape, ExtTextOutA, TextOutA, RectVisible, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, CreateBitmap, PtVisible, GetObjectA, DeleteObject, GetClipBox, SetMapMode, SetTextColor, SetBkColor, RestoreDC, SaveDC, SetViewportOrgEx
                                                                                                        WINSPOOL.DRVDocumentPropertiesA, ClosePrinter, OpenPrinterA
                                                                                                        ADVAPI32.dllRegSetValueExA, RegCreateKeyExA, RegQueryValueA, RegOpenKeyA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA, RegCloseKey
                                                                                                        SHLWAPI.dllPathFindExtensionA
                                                                                                        OLEAUT32.dllVariantClear, VariantChangeType, VariantInit
                                                                                                        WS2_32.dllhtons, setsockopt, sendto, htonl, bind, socket, closesocket, inet_addr, recvfrom, WSACleanup, WSAStartup

                                                                                                        Exports

                                                                                                        NameOrdinalAddress
                                                                                                        DllRegisterServer10x1001df20

                                                                                                        Possible Origin

                                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                                        ChineseChina
                                                                                                        EnglishUnited States

                                                                                                        Network Behavior

                                                                                                        Snort IDS Alerts

                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                        01/14/22-19:50:18.278585TCP2404332ET CNC Feodo Tracker Reported CnC Server TCP group 174979080192.168.2.445.138.98.34
                                                                                                        01/14/22-19:50:19.639317TCP2404338ET CNC Feodo Tracker Reported CnC Server TCP group 20497918080192.168.2.469.16.218.101

                                                                                                        Network Port Distribution

                                                                                                        TCP Packets

                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                        Jan 14, 2022 20:06:06.116743088 CET4974480192.168.2.445.138.98.34
                                                                                                        Jan 14, 2022 20:06:06.133694887 CET804974445.138.98.34192.168.2.4
                                                                                                        Jan 14, 2022 20:06:06.783576012 CET4974480192.168.2.445.138.98.34
                                                                                                        Jan 14, 2022 20:06:06.800250053 CET804974445.138.98.34192.168.2.4
                                                                                                        Jan 14, 2022 20:06:07.377583981 CET4974480192.168.2.445.138.98.34
                                                                                                        Jan 14, 2022 20:06:07.394481897 CET804974445.138.98.34192.168.2.4
                                                                                                        Jan 14, 2022 20:06:07.424005985 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:06:07.554267883 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:07.555206060 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:06:07.564655066 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:06:07.695925951 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:07.708126068 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:07.708173990 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:07.708231926 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:06:12.544712067 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:06:12.674920082 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:12.675529003 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:12.675599098 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:06:12.696691036 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:06:12.826927900 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:13.577033043 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:13.577132940 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:06:16.579180956 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:16.579222918 CET80804975369.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 20:06:16.579468966 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:07:56.091671944 CET497538080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 20:07:56.091768026 CET497538080192.168.2.469.16.218.101

                                                                                                        Code Manipulations

                                                                                                        Statistics

                                                                                                        CPU Usage

                                                                                                        Click to jump to process

                                                                                                        Memory Usage

                                                                                                        Click to jump to process

                                                                                                        High Level Behavior Distribution

                                                                                                        Click to dive into process behavior distribution

                                                                                                        Behavior

                                                                                                        Click to jump to process

                                                                                                        System Behavior

                                                                                                        Analysis Process: loaddll32.exe PID: 6800 Parent PID: 5852

                                                                                                        General

                                                                                                        Start time:20:05:29
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\loaddll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:loaddll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll"
                                                                                                        Imagebase:0x1190000
                                                                                                        File size:116736 bytes
                                                                                                        MD5 hash:7DEB5DB86C0AC789123DEC286286B938
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.678575035.0000000002BB1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.678495880.0000000002B80000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.706001315.0000000002B80000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.679958856.0000000002BB1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.679880093.0000000002B80000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:moderate

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: cmd.exe PID: 6832 Parent PID: 6800

                                                                                                        General

                                                                                                        Start time:20:05:30
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                                                                                                        Imagebase:0x11d0000
                                                                                                        File size:232960 bytes
                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: regsvr32.exe PID: 6856 Parent PID: 6800

                                                                                                        General

                                                                                                        Start time:20:05:30
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dll
                                                                                                        Imagebase:0xd40000
                                                                                                        File size:20992 bytes
                                                                                                        MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.669885789.0000000004AD0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.669912238.0000000004B91000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6868 Parent PID: 6832

                                                                                                        General

                                                                                                        Start time:20:05:30
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                                                                                                        Imagebase:0x8c0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.670220213.0000000002A40000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.670284655.00000000043D1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6916 Parent PID: 6800

                                                                                                        General

                                                                                                        Start time:20:05:31
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:rundll32.exe C:\Users\user\Desktop\YBfn5E3Dlw.dll,DllRegisterServer
                                                                                                        Imagebase:0x8c0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.716858406.0000000000610000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.718684948.0000000004840000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.718453341.0000000004731000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.718808702.0000000004871000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.718297944.0000000004601000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.718539427.00000000047E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.718585654.0000000004811000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.718382473.0000000004700000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.717062119.0000000000890000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6952 Parent PID: 6856

                                                                                                        General

                                                                                                        Start time:20:05:32
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer
                                                                                                        Imagebase:0x8c0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6972 Parent PID: 6868

                                                                                                        General

                                                                                                        Start time:20:05:32
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer
                                                                                                        Imagebase:0x8c0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684457772.0000000004AC0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684552558.0000000004BD0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684493493.0000000004AF1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684814749.0000000004D90000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684705353.0000000004D30000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684619193.0000000004C01000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.685007219.00000000050F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684870034.0000000004DC1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684022811.0000000002CF1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.685051357.0000000005121000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.683997042.0000000002CC0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684741919.0000000004D61000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: svchost.exe PID: 7100 Parent PID: 568

                                                                                                        General

                                                                                                        Start time:20:05:35
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                        Imagebase:0x7ff6eb840000
                                                                                                        File size:51288 bytes
                                                                                                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: WerFault.exe PID: 7160 Parent PID: 7100

                                                                                                        General

                                                                                                        Start time:20:05:36
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6800 -ip 6800
                                                                                                        Imagebase:0x1c0000
                                                                                                        File size:434592 bytes
                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6364 Parent PID: 6972

                                                                                                        General

                                                                                                        Start time:20:05:37
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Iqfwjbrvgdbzcukj\zdbnyk.tut",UUsSizCGlqQiDK
                                                                                                        Imagebase:0x8c0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.689034927.0000000000841000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.688964170.0000000000810000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: WerFault.exe PID: 6472 Parent PID: 6800

                                                                                                        General

                                                                                                        Start time:20:05:38
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 524
                                                                                                        Imagebase:0x1c0000
                                                                                                        File size:434592 bytes
                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6468 Parent PID: 6364

                                                                                                        General

                                                                                                        Start time:20:05:39
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Iqfwjbrvgdbzcukj\zdbnyk.tut",DllRegisterServer
                                                                                                        Imagebase:0x8c0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: svchost.exe PID: 5964 Parent PID: 568

                                                                                                        General

                                                                                                        Start time:20:06:38
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                        Imagebase:0x7ff6eb840000
                                                                                                        File size:51288 bytes
                                                                                                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: svchost.exe PID: 6864 Parent PID: 568

                                                                                                        General

                                                                                                        Start time:20:06:44
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                        Imagebase:0x7ff6eb840000
                                                                                                        File size:51288 bytes
                                                                                                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: svchost.exe PID: 7160 Parent PID: 568

                                                                                                        General

                                                                                                        Start time:20:07:02
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                        Imagebase:0x7ff6eb840000
                                                                                                        File size:51288 bytes
                                                                                                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: svchost.exe PID: 5892 Parent PID: 568

                                                                                                        General

                                                                                                        Start time:20:07:12
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                        Imagebase:0x7ff6eb840000
                                                                                                        File size:51288 bytes
                                                                                                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language

                                                                                                        Chronological Activities

                                                                                                        Disassembly

                                                                                                        Code Analysis

                                                                                                        Reset < >

                                                                                                          Analysis Process: loaddll32.exe PID: 6800 Parent PID: 5852 loaddll32.exeCOMMON

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:2.1%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:55.8%
                                                                                                          Total number of Nodes:1072
                                                                                                          Total number of Limit Nodes:5

                                                                                                          Graph

                                                                                                          execution_graph 4117 2bbf1cb 4122 2bb8636 4117->4122 4119 2bbf26d 4120 2bcd11a GetPEB 4119->4120 4121 2bbf281 4120->4121 4130 2bb9ad5 4122->4130 4123 2bba3e5 4372 2bc27f9 4123->4372 4126 2bd0e63 GetPEB 4126->4130 4130->4123 4130->4126 4132 2bba3c7 4130->4132 4133 2bba3c5 4130->4133 4146 2bc3d85 GetPEB 4130->4146 4153 2bd2b09 GetPEB 4130->4153 4157 2bcfecb GetPEB 4130->4157 4159 2bd1028 4130->4159 4163 2bc4f74 4130->4163 4171 2bc2142 4130->4171 4185 2bb670b 4130->4185 4193 2bb77a3 4130->4193 4198 2bb30e7 4130->4198 4203 2bd2699 4130->4203 4207 2bcbd13 4130->4207 4211 2bcd1bc 4130->4211 4221 2bbbdf9 4130->4221 4224 2bc3eaa 4130->4224 4230 2bbde74 4130->4230 4240 2bce955 4130->4240 4251 2bb4b5d 4130->4251 4254 2bd2009 4130->4254 4265 2bbc6b8 4130->4265 4278 2bbd14c 4130->4278 4291 2bcc5d5 4130->4291 4295 2bcfbde 4130->4295 4300 2bc4a66 4130->4300 4310 2bcad08 4130->4310 4320 2bcc387 4130->4320 4325 2bce4e5 4130->4325 4337 2bc9a01 4130->4337 4346 2bc8d3d 4130->4346 4353 2bba445 4130->4353 4362 2bd17bd 4132->4362 4133->4119 4146->4130 4153->4130 4157->4130 4160 2bd1041 4159->4160 4161 2bbeb52 GetPEB 4160->4161 4162 2bd10cd 4161->4162 4162->4130 4168 2bc522f 4163->4168 4165 2bc09dd GetPEB 4165->4168 4166 2bce1f8 GetPEB 4166->4168 4167 2bc5328 4167->4130 4168->4165 4168->4166 4168->4167 4169 2bd2d0a GetPEB 4168->4169 4170 2bcfecb GetPEB 4168->4170 4386 2bc437a 4168->4386 4169->4168 4170->4168 4177 2bc2628 4171->4177 4172 2bce1f8 GetPEB 4172->4177 4173 2bc27af 4176 2bd2b09 GetPEB 4173->4176 4175 2bc2793 4422 2bbf7fe 4175->4422 4179 2bc27c9 4176->4179 4177->4172 4177->4173 4177->4175 4180 2bbc5d8 GetPEB 4177->4180 4181 2bcfecb GetPEB 4177->4181 4184 2bc2791 4177->4184 4414 2bc8b9e 4177->4414 4418 2bb738a 4177->4418 4183 2bd2b09 GetPEB 4179->4183 4180->4177 4181->4177 4183->4184 4184->4130 4192 2bb6a16 4185->4192 4187 2bd0db1 GetPEB 4187->4192 4189 2bd45ca GetPEB 4189->4192 4190 2bb6b43 4190->4130 4191 2bd1538 GetPEB 4191->4192 4192->4187 4192->4189 4192->4190 4192->4191 4426 2bcdbc1 4192->4426 4430 2bcca1f 4192->4430 4197 2bb77cc 4193->4197 4194 2bb7e67 4194->4130 4195 2bbc5d8 GetPEB 4195->4197 4196 2bccad5 GetPEB 4196->4197 4197->4194 4197->4195 4197->4196 4200 2bb31a7 4198->4200 4199 2bb325b 4199->4130 4200->4199 4434 2bd161b 4200->4434 4438 2bd2a36 4200->4438 4206 2bd26b3 4203->4206 4204 2bd27a6 4204->4130 4205 2bcff58 GetPEB 4205->4206 4206->4204 4206->4205 4208 2bcbd2c 4207->4208 4209 2bbeb52 GetPEB 4208->4209 4210 2bcbdd2 4209->4210 4210->4130 4220 2bcd202 4211->4220 4213 2bcfe2a GetPEB 4213->4220 4217 2bcd8c2 4217->4130 4218 2bd2b09 GetPEB 4218->4220 4220->4213 4220->4217 4220->4218 4442 2bb6b7a 4220->4442 4450 2bc5779 4220->4450 4462 2bb80c0 4220->4462 4472 2bc2e5d 4220->4472 4490 2bc67e6 4220->4490 4222 2bbc5d8 GetPEB 4221->4222 4223 2bbbe8c 4222->4223 4223->4130 4225 2bc4051 4224->4225 4226 2bc416b 4225->4226 4227 2bc09dd GetPEB 4225->4227 4638 2bbdd35 4225->4638 4641 2bc0aba 4225->4641 4226->4130 4227->4225 4231 2bbe069 4230->4231 4232 2bbe1e6 4231->4232 4234 2bbe1e4 4231->4234 4237 2bd2b09 GetPEB 4231->4237 4239 2bbc307 GetPEB 4231->4239 4682 2bce0f2 4231->4682 4686 2bc8c7d 4231->4686 4690 2bcf840 4231->4690 4697 2bb54b6 4232->4697 4234->4130 4237->4231 4239->4231 4246 2bcedaa 4240->4246 4241 2bd45ca GetPEB 4241->4246 4242 2bcefc1 4243 2bd1538 GetPEB 4242->4243 4244 2bcefbf 4243->4244 4244->4130 4245 2bce1f8 GetPEB 4245->4246 4246->4241 4246->4242 4246->4244 4246->4245 4248 2bd2d0a GetPEB 4246->4248 4249 2bcca1f GetPEB 4246->4249 4250 2bcfecb GetPEB 4246->4250 4705 2bd44ff 4246->4705 4248->4246 4249->4246 4250->4246 4252 2bd1028 GetPEB 4251->4252 4253 2bb4bf5 4252->4253 4253->4130 4255 2bb556b GetPEB 4254->4255 4261 2bd2465 4255->4261 4256 2bd25bf 4716 2bc654a 4256->4716 4258 2bce1f8 GetPEB 4258->4261 4259 2bd25bd 4259->4130 4260 2bd2d0a GetPEB 4260->4261 4261->4256 4261->4258 4261->4259 4261->4260 4264 2bcfecb GetPEB 4261->4264 4709 2bbdc1b 4261->4709 4712 2bd44ad 4261->4712 4264->4261 4267 2bbcdac 4265->4267 4266 2bce1f8 GetPEB 4266->4267 4267->4266 4270 2bbcdf0 4267->4270 4271 2bb1a34 GetPEB 4267->4271 4274 2bbd05c 4267->4274 4277 2bcfecb GetPEB 4267->4277 4742 2bc00c5 4267->4742 4746 2bc2cd9 4267->4746 4750 2bb2dea 4267->4750 4754 2bbf96f 4267->4754 4738 2bb53d0 4270->4738 4271->4267 4274->4274 4277->4267 4288 2bbd807 4278->4288 4279 2bbda79 4281 2bb3046 GetPEB 4279->4281 4280 2bb1a34 GetPEB 4280->4288 4284 2bbda77 4281->4284 4284->4130 4285 2bce1f8 GetPEB 4285->4288 4288->4279 4288->4280 4288->4284 4288->4285 4289 2bbf96f GetPEB 4288->4289 4290 2bcfecb GetPEB 4288->4290 4758 2bb3046 4288->4758 4762 2bcb257 4288->4762 4775 2bc7c4e 4288->4775 4779 2bce8b6 4288->4779 4289->4288 4290->4288 4293 2bcc7d3 4291->4293 4292 2bbdc1b GetPEB 4292->4293 4293->4292 4294 2bcc8ad 4293->4294 4294->4130 4296 2bcfcf5 4295->4296 4298 2bbc5d8 GetPEB 4296->4298 4299 2bcfd44 4296->4299 4799 2bc9df5 4296->4799 4298->4296 4299->4130 4303 2bc4ded 4300->4303 4301 2bb1a34 GetPEB 4301->4303 4302 2bb3046 GetPEB 4302->4303 4303->4301 4303->4302 4304 2bbc5d8 GetPEB 4303->4304 4306 2bc4f25 4303->4306 4308 2bce8b6 GetPEB 4303->4308 4309 2bc4f23 4303->4309 4828 2bc07f4 4303->4828 4304->4303 4307 2bd0db1 GetPEB 4306->4307 4307->4309 4308->4303 4309->4130 4315 2bcb06a 4310->4315 4311 2bd0db1 GetPEB 4311->4315 4312 2bce1f8 GetPEB 4312->4315 4313 2bcb173 4835 2bc7a0f 4313->4835 4314 2bc654a GetPEB 4314->4315 4315->4311 4315->4312 4315->4313 4315->4314 4316 2bd2d0a GetPEB 4315->4316 4317 2bcb171 4315->4317 4319 2bcfecb GetPEB 4315->4319 4316->4315 4317->4130 4319->4315 4321 2bb556b GetPEB 4320->4321 4322 2bcc401 4321->4322 4845 2bcb19c 4322->4845 4326 2bce50b 4325->4326 4329 2bbc5d8 GetPEB 4326->4329 4334 2bce8a9 4326->4334 4849 2bc7d5b 4326->4849 4869 2bd00ef 4326->4869 4881 2bbb820 4326->4881 4888 2bba871 4326->4888 4909 2bcccd9 4326->4909 4917 2bb238c 4326->4917 4938 2bca474 4326->4938 4958 2bd2d53 4326->4958 4329->4326 4334->4130 4340 2bc9a1f 4337->4340 4339 2bc9c42 4341 2bd2b09 GetPEB 4339->4341 4340->4339 4343 2bc9c40 4340->4343 4345 2bbc5d8 GetPEB 4340->4345 5071 2bbdca0 4340->5071 5075 2bd3ee9 4340->5075 5085 2bb3271 4340->5085 4341->4343 4343->4130 4345->4340 4352 2bc8f0d 4346->4352 4348 2bc8f1d 4351 2bc0ebc GetPEB 4348->4351 4349 2bbc5d8 GetPEB 4349->4352 4350 2bc8f3c 4350->4130 4351->4350 4352->4348 4352->4349 4352->4350 5180 2bb48dd 4352->5180 4360 2bba713 4353->4360 4355 2bba84e 4357 2bb3046 GetPEB 4355->4357 4356 2bbee62 GetPEB 4356->4360 4358 2bba84c 4357->4358 4358->4130 4359 2bce8b6 GetPEB 4359->4360 4360->4355 4360->4356 4360->4358 4360->4359 4361 2bb3046 GetPEB 4360->4361 5184 2bb1e9b 4360->5184 4361->4360 4369 2bd17de 4362->4369 4363 2bd1f31 4364 2bc85ff GetPEB 4363->4364 4365 2bd1f2f 4364->4365 4365->4133 4366 2bb1a34 GetPEB 4366->4369 4367 2bce1f8 GetPEB 4367->4369 4369->4363 4369->4365 4369->4366 4369->4367 4370 2bcfecb GetPEB 4369->4370 4371 2bbf96f GetPEB 4369->4371 5188 2bbbf5f 4369->5188 4370->4369 4371->4369 4381 2bc2b33 4372->4381 4375 2bc2c60 4377 2bc09dd GetPEB 4375->4377 4376 2bc654a GetPEB 4376->4381 4379 2bc2c75 4377->4379 4378 2bce1f8 GetPEB 4378->4381 5206 2bb856e 4379->5206 4381->4375 4381->4376 4381->4378 4382 2bc2c5e 4381->4382 4383 2bba445 GetPEB 4381->4383 4384 2bd2d0a GetPEB 4381->4384 4385 2bcfecb GetPEB 4381->4385 5192 2bcdc71 4381->5192 5200 2bb1ca1 4381->5200 4382->4133 4383->4381 4384->4381 4385->4381 4397 2bc43a8 4386->4397 4389 2bc4a52 4410 2bbbea1 4389->4410 4391 2bc4a50 4391->4168 4392 2bce1f8 GetPEB 4392->4397 4394 2bd2d0a GetPEB 4394->4397 4395 2bcfecb GetPEB 4395->4397 4396 2bc437a GetPEB 4396->4397 4397->4389 4397->4391 4397->4392 4397->4394 4397->4395 4397->4396 4398 2bc2c9c 4397->4398 4402 2bc2da7 4397->4402 4406 2bd0f1e 4397->4406 4399 2bc2cb8 4398->4399 4400 2bd31aa GetPEB 4399->4400 4401 2bc2cd1 4400->4401 4401->4397 4403 2bc2dbd 4402->4403 4404 2bbeb52 GetPEB 4403->4404 4405 2bc2e4f 4404->4405 4405->4397 4407 2bd0f37 4406->4407 4408 2bbeb52 GetPEB 4407->4408 4409 2bd0ff6 4408->4409 4409->4397 4411 2bbbeb1 4410->4411 4412 2bbeb52 GetPEB 4411->4412 4413 2bbbf53 4412->4413 4413->4391 4415 2bc8bc0 4414->4415 4416 2bbeb52 GetPEB 4415->4416 4417 2bc8c6a 4416->4417 4417->4177 4419 2bb73a9 4418->4419 4420 2bbeb52 GetPEB 4419->4420 4421 2bb742e 4420->4421 4421->4177 4423 2bbf814 4422->4423 4424 2bbeb52 GetPEB 4423->4424 4425 2bbf892 4424->4425 4425->4184 4427 2bcdbe1 4426->4427 4428 2bbeb52 GetPEB 4427->4428 4429 2bcdc5f 4428->4429 4429->4192 4431 2bcca35 4430->4431 4432 2bbeb52 GetPEB 4431->4432 4433 2bccac9 4432->4433 4433->4192 4435 2bd1631 4434->4435 4436 2bbeb52 GetPEB 4435->4436 4437 2bd16b5 4436->4437 4437->4200 4439 2bd2a49 4438->4439 4440 2bbeb52 GetPEB 4439->4440 4441 2bd2afe 4440->4441 4441->4200 4448 2bb6b9c 4442->4448 4443 2bd2b09 GetPEB 4443->4448 4445 2bb706b 4445->4220 4447 2bbc5d8 GetPEB 4447->4448 4448->4443 4448->4445 4448->4447 4507 2bd07aa 4448->4507 4512 2bcc9b0 4448->4512 4516 2bd46bd 4448->4516 4461 2bc57ab 4450->4461 4452 2bd2b09 GetPEB 4452->4461 4453 2bc6086 4455 2bd2b09 GetPEB 4453->4455 4454 2bb57b8 GetPEB 4454->4461 4457 2bc6084 4455->4457 4457->4220 4459 2bcc9b0 GetPEB 4459->4461 4460 2bbc5d8 GetPEB 4460->4461 4461->4452 4461->4453 4461->4454 4461->4457 4461->4459 4461->4460 4565 2bb5026 4461->4565 4569 2bbe7de 4461->4569 4574 2bbfb8e 4461->4574 4471 2bb83f1 4462->4471 4463 2bce1f8 GetPEB 4463->4471 4464 2bb854c 4465 2bd2b09 GetPEB 4464->4465 4468 2bb854a 4465->4468 4466 2bd31aa GetPEB 4466->4471 4468->4220 4469 2bbc5d8 GetPEB 4469->4471 4470 2bcfecb GetPEB 4470->4471 4471->4463 4471->4464 4471->4466 4471->4468 4471->4469 4471->4470 4581 2bd0a64 4471->4581 4486 2bc393f 4472->4486 4473 2bbc5d8 GetPEB 4473->4486 4474 2bc4244 GetPEB 4474->4486 4476 2bcc9b0 GetPEB 4476->4486 4477 2bd2b09 GetPEB 4478 2bc3a00 4477->4478 4478->4220 4479 2bce1f8 GetPEB 4479->4486 4480 2bc3d59 4480->4477 4481 2bc3992 4482 2bc4244 GetPEB 4481->4482 4483 2bc39af 4482->4483 4586 2bb3325 4483->4586 4484 2bd31aa GetPEB 4484->4486 4486->4473 4486->4474 4486->4476 4486->4478 4486->4479 4486->4480 4486->4481 4486->4484 4489 2bcfecb GetPEB 4486->4489 4590 2bce1ac 4486->4590 4488 2bcfecb GetPEB 4488->4478 4489->4486 4506 2bc6859 4490->4506 4493 2bce1f8 GetPEB 4493->4506 4494 2bc792e 4626 2bce358 4494->4626 4498 2bc7943 4498->4220 4499 2bd2b09 GetPEB 4499->4506 4500 2bce358 GetPEB 4500->4506 4501 2bcfecb GetPEB 4501->4506 4504 2bd3e0e GetPEB 4504->4506 4506->4493 4506->4494 4506->4498 4506->4499 4506->4500 4506->4501 4506->4504 4594 2bbed66 4506->4594 4598 2bbdda9 4506->4598 4602 2bb4bfc 4506->4602 4611 2bd10dc 4506->4611 4615 2bbef0c 4506->4615 4618 2bb4a88 4506->4618 4622 2bcc8cf 4506->4622 4508 2bd07c6 4507->4508 4511 2bd0a10 4508->4511 4522 2bb57b8 4508->4522 4537 2bd4d53 4508->4537 4511->4448 4513 2bcc9cc 4512->4513 4561 2bbdb68 4513->4561 4520 2bd46ed 4516->4520 4517 2bd2b09 GetPEB 4517->4520 4518 2bbc5d8 GetPEB 4518->4520 4519 2bd11b0 GetPEB 4519->4520 4520->4517 4520->4518 4520->4519 4521 2bd4d2e 4520->4521 4521->4448 4531 2bb57fa 4522->4531 4524 2bce1f8 GetPEB 4524->4531 4526 2bb66de 4528 2bbf7fe GetPEB 4526->4528 4527 2bbc5d8 GetPEB 4527->4531 4530 2bb66dc 4528->4530 4530->4508 4531->4524 4531->4526 4531->4527 4531->4530 4532 2bb738a GetPEB 4531->4532 4533 2bd2b09 GetPEB 4531->4533 4536 2bcfecb GetPEB 4531->4536 4541 2bccbe9 4531->4541 4545 2bb22c9 4531->4545 4549 2bb1bc9 4531->4549 4553 2bbf288 4531->4553 4557 2bd12c1 4531->4557 4532->4531 4533->4531 4536->4531 4538 2bd4d85 4537->4538 4539 2bbeb52 GetPEB 4538->4539 4540 2bd4e23 4539->4540 4540->4508 4542 2bccc0e 4541->4542 4543 2bbeb52 GetPEB 4542->4543 4544 2bccc8d 4543->4544 4544->4531 4546 2bb22e8 4545->4546 4547 2bbeb52 GetPEB 4546->4547 4548 2bb2377 4547->4548 4548->4531 4550 2bb1bfb 4549->4550 4551 2bbeb52 GetPEB 4550->4551 4552 2bb1c85 4551->4552 4552->4531 4554 2bbf2b2 4553->4554 4555 2bbeb52 GetPEB 4554->4555 4556 2bbf350 4555->4556 4556->4531 4558 2bd12da 4557->4558 4559 2bbeb52 GetPEB 4558->4559 4560 2bd1380 4559->4560 4560->4531 4562 2bbdb84 4561->4562 4563 2bbeb52 GetPEB 4562->4563 4564 2bbdc0b 4563->4564 4564->4448 4566 2bb503c 4565->4566 4567 2bcc9b0 GetPEB 4566->4567 4568 2bb50e1 4567->4568 4568->4461 4571 2bbe806 4569->4571 4570 2bccad5 GetPEB 4570->4571 4571->4570 4572 2bbc5d8 GetPEB 4571->4572 4573 2bbeb40 4571->4573 4572->4571 4573->4461 4575 2bbfbad 4574->4575 4576 2bbc5d8 GetPEB 4575->4576 4577 2bc0086 4575->4577 4578 2bb2194 GetPEB 4575->4578 4579 2bc0084 4575->4579 4576->4575 4580 2bd2b09 GetPEB 4577->4580 4578->4575 4579->4461 4580->4579 4583 2bd0a7e 4581->4583 4582 2bcc4f8 GetPEB 4582->4583 4583->4582 4584 2bbc5d8 GetPEB 4583->4584 4585 2bd0da7 4583->4585 4584->4583 4585->4471 4587 2bb333e 4586->4587 4588 2bd31aa GetPEB 4587->4588 4589 2bb335a 4588->4589 4589->4488 4591 2bce1ce 4590->4591 4592 2bd31aa GetPEB 4591->4592 4593 2bce1f0 4592->4593 4593->4486 4595 2bbeda1 4594->4595 4596 2bbeb52 GetPEB 4595->4596 4597 2bbee49 4596->4597 4597->4506 4599 2bbddcb 4598->4599 4600 2bbeb52 GetPEB 4599->4600 4601 2bbde63 4600->4601 4601->4506 4609 2bb4ec7 4602->4609 4604 2bb4fee 4605 2bb5009 4604->4605 4606 2bd2b09 GetPEB 4604->4606 4605->4506 4606->4605 4607 2bbc5d8 GetPEB 4607->4609 4608 2bcc9b0 GetPEB 4608->4609 4609->4604 4609->4607 4609->4608 4610 2bd2b09 GetPEB 4609->4610 4630 2bc9c65 4609->4630 4610->4609 4612 2bd1100 4611->4612 4613 2bbeb52 GetPEB 4612->4613 4614 2bd119a 4613->4614 4614->4506 4634 2bc60b8 4615->4634 4619 2bb4abc 4618->4619 4620 2bbeb52 GetPEB 4619->4620 4621 2bb4b44 4620->4621 4621->4506 4623 2bcc8f4 4622->4623 4624 2bbeb52 GetPEB 4623->4624 4625 2bcc99d 4624->4625 4625->4506 4627 2bce36b 4626->4627 4628 2bbeb52 GetPEB 4627->4628 4629 2bce3fa 4628->4629 4629->4498 4631 2bc9c85 4630->4631 4632 2bbeb52 GetPEB 4631->4632 4633 2bc9d29 4632->4633 4633->4609 4635 2bc60de 4634->4635 4636 2bbeb52 GetPEB 4635->4636 4637 2bbefd1 4636->4637 4637->4506 4649 2bb1f38 4638->4649 4642 2bc0ade 4641->4642 4675 2bcf790 4642->4675 4645 2bc0c1f 4645->4225 4648 2bd1538 GetPEB 4648->4645 4652 2bb1f57 4649->4652 4654 2bb20cc 4652->4654 4656 2bb20da 4652->4656 4658 2bb7603 4652->4658 4661 2bd06ec 4652->4661 4665 2bbbd23 4652->4665 4669 2bbe5c0 4652->4669 4657 2bd1538 GetPEB 4654->4657 4656->4225 4657->4656 4659 2bbeb52 GetPEB 4658->4659 4660 2bb76d3 4659->4660 4660->4652 4662 2bd0702 4661->4662 4663 2bbeb52 GetPEB 4662->4663 4664 2bd079c 4663->4664 4664->4652 4666 2bbbd40 4665->4666 4667 2bbeb52 GetPEB 4666->4667 4668 2bbbdeb 4667->4668 4668->4652 4672 2bb556b 4669->4672 4673 2bbeb52 GetPEB 4672->4673 4674 2bb55f6 4673->4674 4674->4652 4676 2bbeb52 GetPEB 4675->4676 4677 2bc0bf0 4676->4677 4677->4645 4678 2bbdaaa 4677->4678 4679 2bbdac8 4678->4679 4680 2bbeb52 GetPEB 4679->4680 4681 2bbdb55 4680->4681 4681->4648 4683 2bce10e 4682->4683 4684 2bbeb52 GetPEB 4683->4684 4685 2bce19c 4684->4685 4685->4231 4687 2bc8c96 4686->4687 4688 2bbeb52 GetPEB 4687->4688 4689 2bc8d2f 4688->4689 4689->4231 4694 2bcf859 4690->4694 4691 2bca1c0 GetPEB 4691->4694 4692 2bcfb47 4692->4231 4693 2bbc5d8 GetPEB 4693->4694 4694->4691 4694->4692 4694->4693 4695 2bcfb19 4694->4695 4701 2bca1c0 4695->4701 4698 2bb54c9 4697->4698 4699 2bbeb52 GetPEB 4698->4699 4700 2bb555f 4699->4700 4700->4234 4702 2bca1f0 4701->4702 4703 2bbeb52 GetPEB 4702->4703 4704 2bca28c 4703->4704 4704->4692 4706 2bd451c 4705->4706 4707 2bbeb52 GetPEB 4706->4707 4708 2bd45b7 4707->4708 4708->4246 4710 2bbeb52 GetPEB 4709->4710 4711 2bbdc97 4710->4711 4711->4261 4713 2bd44d8 4712->4713 4714 2bd31aa GetPEB 4713->4714 4715 2bd44f7 4714->4715 4715->4261 4717 2bc6564 4716->4717 4718 2bcfe2a GetPEB 4717->4718 4719 2bc6749 4718->4719 4720 2bcfe2a GetPEB 4719->4720 4721 2bc6761 4720->4721 4722 2bcfe2a GetPEB 4721->4722 4723 2bc6774 4722->4723 4730 2bbe204 4723->4730 4726 2bbe204 GetPEB 4727 2bc679e 4726->4727 4734 2bbe4f8 4727->4734 4731 2bbe217 4730->4731 4732 2bbeb52 GetPEB 4731->4732 4733 2bbe2ae 4732->4733 4733->4726 4735 2bbe511 4734->4735 4736 2bbeb52 GetPEB 4735->4736 4737 2bbe5b5 4736->4737 4737->4259 4739 2bb53e3 4738->4739 4740 2bbeb52 GetPEB 4739->4740 4741 2bb546b 4740->4741 4741->4130 4743 2bc00d8 4742->4743 4744 2bbeb52 GetPEB 4743->4744 4745 2bc0170 4744->4745 4745->4267 4747 2bc2d03 4746->4747 4748 2bbeb52 GetPEB 4747->4748 4749 2bc2d8e 4748->4749 4749->4267 4751 2bb2e23 4750->4751 4752 2bbeb52 GetPEB 4751->4752 4753 2bb2ea5 4752->4753 4753->4267 4755 2bbf997 4754->4755 4756 2bd31aa GetPEB 4755->4756 4757 2bbf9b9 4756->4757 4757->4267 4759 2bb305c 4758->4759 4760 2bbeb52 GetPEB 4759->4760 4761 2bb30db 4760->4761 4761->4288 4763 2bcb27f 4762->4763 4764 2bcbb76 4763->4764 4765 2bbc5d8 GetPEB 4763->4765 4770 2bcbb89 4763->4770 4771 2bd2b09 GetPEB 4763->4771 4773 2bbdc1b GetPEB 4763->4773 4774 2bb3046 GetPEB 4763->4774 4783 2bbee62 4763->4783 4787 2bbfa95 4763->4787 4791 2bcfd4e 4763->4791 4795 2bbc3a7 4763->4795 4766 2bd2b09 GetPEB 4764->4766 4765->4763 4766->4770 4770->4288 4771->4763 4773->4763 4774->4763 4776 2bc7c9b 4775->4776 4777 2bbeb52 GetPEB 4776->4777 4778 2bc7d35 4777->4778 4778->4288 4780 2bce8d0 4779->4780 4781 2bbeb52 GetPEB 4780->4781 4782 2bce946 4781->4782 4782->4288 4784 2bbee81 4783->4784 4785 2bbeb52 GetPEB 4784->4785 4786 2bbeefb 4785->4786 4786->4763 4788 2bbfad4 4787->4788 4789 2bbeb52 GetPEB 4788->4789 4790 2bbfb70 4789->4790 4790->4763 4792 2bcfd79 4791->4792 4793 2bbeb52 GetPEB 4792->4793 4794 2bcfe12 4793->4794 4794->4763 4796 2bbc3c9 4795->4796 4797 2bbeb52 GetPEB 4796->4797 4798 2bbc463 4797->4798 4798->4763 4805 2bc9e1d 4799->4805 4800 2bc4244 GetPEB 4800->4805 4803 2bca1b5 4803->4296 4805->4800 4805->4803 4806 2bcfecb GetPEB 4805->4806 4807 2bc96c2 4805->4807 4811 2bc5515 4805->4811 4816 2bd0a1a 4805->4816 4806->4805 4808 2bc96db 4807->4808 4809 2bbeb52 GetPEB 4808->4809 4810 2bc9765 4809->4810 4810->4805 4820 2bc0de5 4811->4820 4815 2bc5670 4815->4805 4817 2bd0a3f 4816->4817 4818 2bd31aa GetPEB 4817->4818 4819 2bd0a5c 4818->4819 4819->4805 4821 2bc0dfe 4820->4821 4822 2bbeb52 GetPEB 4821->4822 4823 2bc0eae 4822->4823 4823->4815 4824 2bd138b 4823->4824 4825 2bd13b8 4824->4825 4826 2bbeb52 GetPEB 4825->4826 4827 2bd1475 4826->4827 4827->4815 4834 2bc08fe 4828->4834 4829 2bd0db1 GetPEB 4829->4834 4830 2bc09b7 4832 2bbe204 GetPEB 4830->4832 4831 2bc09b5 4831->4303 4832->4831 4833 2bc00c5 GetPEB 4833->4834 4834->4829 4834->4830 4834->4831 4834->4833 4836 2bc7a2c 4835->4836 4837 2bce1f8 GetPEB 4836->4837 4838 2bc7bfe 4837->4838 4839 2bc2c9c GetPEB 4838->4839 4840 2bc7c1b 4839->4840 4841 2bcfecb GetPEB 4840->4841 4842 2bc7c2e 4841->4842 4843 2bbd061 GetPEB 4842->4843 4844 2bc7c45 4843->4844 4844->4317 4846 2bcb1af 4845->4846 4847 2bbeb52 GetPEB 4846->4847 4848 2bcb248 4847->4848 4848->4130 4866 2bc83d6 4849->4866 4850 2bc851b 4851 2bb1a34 GetPEB 4850->4851 4853 2bc854b 4851->4853 4852 2bd0db1 GetPEB 4852->4866 4854 2bce1f8 GetPEB 4853->4854 4856 2bc8565 4854->4856 4855 2bc09dd GetPEB 4855->4866 4857 2bd2d0a GetPEB 4856->4857 4859 2bc85a6 4857->4859 4860 2bcfecb GetPEB 4859->4860 4862 2bc85c6 4860->4862 4861 2bce1f8 GetPEB 4861->4866 4863 2bc85ff GetPEB 4862->4863 4865 2bc8516 4863->4865 4864 2bd2d0a GetPEB 4864->4866 4865->4326 4866->4850 4866->4852 4866->4855 4866->4861 4866->4864 4866->4865 4867 2bcfecb GetPEB 4866->4867 4966 2bbbaa9 4866->4966 4970 2bbbfbe 4866->4970 4867->4866 4876 2bd04c6 4869->4876 4870 2bd05e9 4872 2bc85ff GetPEB 4870->4872 4871 2bd05e7 4871->4326 4872->4871 4873 2bd0db1 GetPEB 4873->4876 4874 2bc09dd GetPEB 4874->4876 4875 2bbbaa9 GetPEB 4875->4876 4876->4870 4876->4871 4876->4873 4876->4874 4876->4875 4877 2bce1f8 GetPEB 4876->4877 4878 2bd2d0a GetPEB 4876->4878 4879 2bcfecb GetPEB 4876->4879 4880 2bbbfbe GetPEB 4876->4880 4877->4876 4878->4876 4879->4876 4880->4876 4886 2bbba26 4881->4886 4882 2bbba9c 4882->4326 4883 2bd2b09 GetPEB 4883->4886 4884 2bd1028 GetPEB 4884->4886 4886->4882 4886->4883 4886->4884 4887 2bd1538 GetPEB 4886->4887 4981 2bbf0e9 4886->4981 4887->4886 4989 2bd1f6d 4888->4989 4890 2bbb3e7 4891 2bd0a64 GetPEB 4890->4891 4893 2bb1a34 GetPEB 4890->4893 4894 2bc85ff GetPEB 4890->4894 4895 2bbb7fd 4890->4895 4896 2bd0db1 GetPEB 4890->4896 4897 2bbb7fb 4890->4897 4898 2bd44ad GetPEB 4890->4898 4900 2bcfecb GetPEB 4890->4900 4901 2bd2b09 GetPEB 4890->4901 4902 2bc09dd GetPEB 4890->4902 4903 2bc00c5 GetPEB 4890->4903 4904 2bbbaa9 GetPEB 4890->4904 4906 2bce1f8 GetPEB 4890->4906 4907 2bd2d0a GetPEB 4890->4907 4908 2bbbfbe GetPEB 4890->4908 4992 2bbf726 4890->4992 4996 2bcd8db 4890->4996 4891->4890 4893->4890 4894->4890 4899 2bd1538 GetPEB 4895->4899 4896->4890 4897->4326 4898->4890 4899->4897 4900->4890 4901->4890 4902->4890 4903->4890 4904->4890 4906->4890 4907->4890 4908->4890 4915 2bccfe9 4909->4915 4910 2bcd0f1 4910->4326 4911 2bcd0f3 4913 2bbf0e9 GetPEB 4911->4913 4913->4910 4915->4910 4915->4911 5006 2bc0ebc 4915->5006 5010 2bd3263 4915->5010 5018 2bbe2bd 4915->5018 4929 2bb2ad8 4917->4929 4918 2bb2d78 4920 2bc85ff GetPEB 4918->4920 4919 2bcc387 GetPEB 4919->4929 4923 2bb2da8 4920->4923 4921 2bb2d64 4926 2bd1538 GetPEB 4921->4926 4925 2bb2d62 4923->4925 4927 2bd1538 GetPEB 4923->4927 4925->4326 4926->4925 4927->4921 4928 2bd0db1 GetPEB 4928->4929 4929->4918 4929->4919 4929->4921 4929->4925 4929->4928 4930 2bd1538 GetPEB 4929->4930 4931 2bc09dd GetPEB 4929->4931 4933 2bbbaa9 GetPEB 4929->4933 4934 2bce1f8 GetPEB 4929->4934 4935 2bd2d0a GetPEB 4929->4935 4936 2bcfecb GetPEB 4929->4936 4937 2bbbfbe GetPEB 4929->4937 5031 2bc9774 4929->5031 5039 2bc017b 4929->5039 5048 2bcbc6b 4929->5048 4930->4929 4931->4929 4933->4929 4934->4929 4935->4929 4936->4929 4937->4929 4957 2bcaadf 4938->4957 4939 2bcac24 4941 2bb1a34 GetPEB 4939->4941 4940 2bcac1f 4940->4326 4943 2bcac51 4941->4943 4942 2bd0db1 GetPEB 4942->4957 4944 2bce1f8 GetPEB 4943->4944 4946 2bcac74 4944->4946 4945 2bc09dd GetPEB 4945->4957 4947 2bd2d0a GetPEB 4946->4947 4948 2bcacaf 4947->4948 4950 2bcfecb GetPEB 4948->4950 4949 2bbbaa9 GetPEB 4949->4957 4951 2bcaccf 4950->4951 4953 2bc85ff GetPEB 4951->4953 4952 2bce1f8 GetPEB 4952->4957 4953->4940 4954 2bd2d0a GetPEB 4954->4957 4955 2bcfecb GetPEB 4955->4957 4956 2bbbfbe GetPEB 4956->4957 4957->4939 4957->4940 4957->4942 4957->4945 4957->4949 4957->4952 4957->4954 4957->4955 4957->4956 4963 2bd307f 4958->4963 4959 2bd318a 4959->4326 4960 2bd318c 4962 2bbf0e9 GetPEB 4960->4962 4961 2bd3263 GetPEB 4961->4963 4962->4959 4963->4959 4963->4960 4963->4961 4964 2bc0ebc GetPEB 4963->4964 4965 2bbe2bd GetPEB 4963->4965 4964->4963 4965->4963 4967 2bbbac2 4966->4967 4968 2bbdc1b GetPEB 4967->4968 4969 2bbbb97 4968->4969 4969->4866 4972 2bbbfd7 4970->4972 4971 2bbc273 4974 2bd1538 GetPEB 4971->4974 4972->4971 4973 2bd45ca GetPEB 4972->4973 4976 2bbc271 4972->4976 4977 2bcc41a 4972->4977 4973->4972 4974->4976 4976->4866 4978 2bcc440 4977->4978 4979 2bbeb52 GetPEB 4978->4979 4980 2bcc4e1 4979->4980 4980->4972 4982 2bbf0ff 4981->4982 4985 2bbf8a9 4982->4985 4986 2bbf8c6 4985->4986 4987 2bbeb52 GetPEB 4986->4987 4988 2bbf1c3 4987->4988 4988->4886 4990 2bbeb52 GetPEB 4989->4990 4991 2bd2000 4990->4991 4991->4890 4993 2bbf758 4992->4993 4994 2bbeb52 GetPEB 4993->4994 4995 2bbf7dc 4994->4995 4995->4890 4998 2bcd8fb 4996->4998 4997 2bbc5d8 GetPEB 4997->4998 4998->4997 4999 2bcdb95 4998->4999 5000 2bcdb93 4998->5000 5002 2bccad5 4999->5002 5000->4890 5003 2bccaef 5002->5003 5004 2bcc9b0 GetPEB 5003->5004 5005 2bccbda 5004->5005 5005->5000 5007 2bc0ede 5006->5007 5008 2bbeb52 GetPEB 5007->5008 5009 2bc0f72 5008->5009 5009->4915 5011 2bd327e 5010->5011 5012 2bd3556 5011->5012 5023 2bc62c7 5011->5023 5012->4915 5015 2bcc9b0 GetPEB 5016 2bd350d 5015->5016 5016->5012 5017 2bcc9b0 GetPEB 5016->5017 5017->5016 5021 2bbe2d8 5018->5021 5019 2bbe3f5 5019->4915 5020 2bb483c GetPEB 5020->5021 5021->5019 5021->5020 5027 2bb1afd 5021->5027 5024 2bc62eb 5023->5024 5025 2bbeb52 GetPEB 5024->5025 5026 2bc6383 5025->5026 5026->5012 5026->5015 5028 2bb1b10 5027->5028 5029 2bbeb52 GetPEB 5028->5029 5030 2bb1bba 5029->5030 5030->5021 5032 2bc9797 5031->5032 5034 2bc9967 5032->5034 5035 2bcbc6b GetPEB 5032->5035 5036 2bc9956 5032->5036 5051 2bb72c4 5032->5051 5055 2bbf9c1 5032->5055 5034->4929 5035->5032 5038 2bd1538 GetPEB 5036->5038 5038->5034 5041 2bc01c2 5039->5041 5043 2bcfe2a GetPEB 5041->5043 5044 2bc06f1 5041->5044 5045 2bce1f8 GetPEB 5041->5045 5047 2bcfecb GetPEB 5041->5047 5059 2bb473d 5041->5059 5063 2bc4178 5041->5063 5067 2bc7952 5041->5067 5043->5041 5044->4929 5045->5041 5047->5041 5049 2bbeb52 GetPEB 5048->5049 5050 2bcbd0a 5049->5050 5050->4929 5052 2bb72e0 5051->5052 5053 2bbeb52 GetPEB 5052->5053 5054 2bb737c 5053->5054 5054->5032 5056 2bbf9eb 5055->5056 5057 2bbeb52 GetPEB 5056->5057 5058 2bbfa7c 5057->5058 5058->5032 5060 2bb4786 5059->5060 5061 2bbeb52 GetPEB 5060->5061 5062 2bb481a 5061->5062 5062->5041 5064 2bc4194 5063->5064 5065 2bbeb52 GetPEB 5064->5065 5066 2bc4233 5065->5066 5066->5041 5068 2bc7965 5067->5068 5069 2bbeb52 GetPEB 5068->5069 5070 2bc7a04 5069->5070 5070->5041 5072 2bbdd30 5071->5072 5073 2bbdd16 5071->5073 5072->4340 5073->5072 5074 2bd2b09 GetPEB 5073->5074 5074->5073 5076 2bd41ee 5075->5076 5077 2bce1f8 GetPEB 5076->5077 5079 2bbf96f GetPEB 5076->5079 5080 2bd43b4 5076->5080 5082 2bcfecb GetPEB 5076->5082 5083 2bbc5d8 GetPEB 5076->5083 5084 2bd43c9 5076->5084 5089 2bc3d85 5076->5089 5077->5076 5079->5076 5081 2bd2b09 GetPEB 5080->5081 5081->5084 5082->5076 5083->5076 5084->4340 5086 2bb328d 5085->5086 5093 2bb7442 5086->5093 5090 2bc3d9c 5089->5090 5091 2bbc5d8 GetPEB 5090->5091 5092 2bc3e5b 5091->5092 5092->5076 5096 2bb7462 5093->5096 5094 2bbc5d8 GetPEB 5094->5096 5096->5094 5098 2bb7576 5096->5098 5099 2bb331d 5096->5099 5102 2bc8fae 5096->5102 5111 2bc0d04 5096->5111 5116 2bc0f86 5096->5116 5101 2bd2b09 GetPEB 5098->5101 5099->4340 5101->5099 5110 2bc94f3 5102->5110 5103 2bc969b 5105 2bbf7fe GetPEB 5103->5105 5104 2bc9699 5104->5096 5105->5104 5106 2bce1f8 GetPEB 5106->5110 5108 2bb738a GetPEB 5108->5110 5109 2bcfecb GetPEB 5109->5110 5110->5103 5110->5104 5110->5106 5110->5108 5110->5109 5133 2bbbc32 5110->5133 5137 2bb2ebf 5111->5137 5114 2bd2b09 GetPEB 5115 2bc0dde 5114->5115 5115->5096 5119 2bc1c7c 5116->5119 5117 2bce1f8 GetPEB 5117->5119 5119->5117 5120 2bcc237 GetPEB 5119->5120 5121 2bb2ebf GetPEB 5119->5121 5122 2bbbc32 GetPEB 5119->5122 5124 2bc2118 5119->5124 5125 2bc2116 5119->5125 5130 2bb738a GetPEB 5119->5130 5131 2bcfecb GetPEB 5119->5131 5132 2bcc9b0 GetPEB 5119->5132 5141 2bb3431 5119->5141 5156 2bd16c0 5119->5156 5160 2bcc2cf 5119->5160 5164 2bd43e6 5119->5164 5168 2bb51e7 5119->5168 5120->5119 5121->5119 5122->5119 5126 2bbf7fe GetPEB 5124->5126 5125->5096 5126->5125 5130->5119 5131->5119 5132->5119 5134 2bbbc62 5133->5134 5135 2bbeb52 GetPEB 5134->5135 5136 2bbbd08 5135->5136 5136->5110 5138 2bb2ed3 5137->5138 5139 2bbeb52 GetPEB 5138->5139 5140 2bb2f74 5139->5140 5140->5114 5155 2bb4267 5141->5155 5142 2bd2b09 GetPEB 5142->5155 5143 2bce1f8 GetPEB 5143->5155 5144 2bb4738 5144->5144 5145 2bbc5d8 GetPEB 5145->5155 5146 2bb42a0 5150 2bbf7fe GetPEB 5146->5150 5147 2bbf288 GetPEB 5147->5155 5149 2bc00c5 GetPEB 5149->5155 5151 2bb42be 5150->5151 5151->5119 5152 2bb738a GetPEB 5152->5155 5154 2bcfecb GetPEB 5154->5155 5155->5142 5155->5143 5155->5144 5155->5145 5155->5146 5155->5147 5155->5149 5155->5152 5155->5154 5172 2bb50e8 5155->5172 5176 2bb49a4 5155->5176 5157 2bd16f5 5156->5157 5158 2bbeb52 GetPEB 5157->5158 5159 2bd17a1 5158->5159 5159->5119 5161 2bcc2e5 5160->5161 5162 2bbeb52 GetPEB 5161->5162 5163 2bcc370 5162->5163 5163->5119 5165 2bd4405 5164->5165 5166 2bbeb52 GetPEB 5165->5166 5167 2bd4498 5166->5167 5167->5119 5169 2bb5206 5168->5169 5170 2bbeb52 GetPEB 5169->5170 5171 2bb52a5 5170->5171 5171->5119 5173 2bb5123 5172->5173 5174 2bbeb52 GetPEB 5173->5174 5175 2bb51c6 5174->5175 5175->5155 5177 2bb49d5 5176->5177 5178 2bbeb52 GetPEB 5177->5178 5179 2bb4a6b 5178->5179 5179->5155 5181 2bb48f4 5180->5181 5182 2bbeb52 GetPEB 5181->5182 5183 2bb4996 5182->5183 5183->4352 5185 2bb1eb4 5184->5185 5186 2bbeb52 GetPEB 5185->5186 5187 2bb1f2d 5186->5187 5187->4360 5189 2bbbf93 5188->5189 5190 2bd31aa GetPEB 5189->5190 5191 2bbbfb6 5190->5191 5191->4369 5193 2bcdfa2 5192->5193 5194 2bb53d0 GetPEB 5193->5194 5196 2bce1f8 GetPEB 5193->5196 5197 2bb2dea GetPEB 5193->5197 5198 2bce0e6 5193->5198 5199 2bcfecb GetPEB 5193->5199 5210 2bd298d 5193->5210 5194->5193 5196->5193 5197->5193 5198->4381 5199->5193 5203 2bb1cc0 5200->5203 5202 2bcfe2a GetPEB 5202->5203 5203->5202 5204 2bb1e90 5203->5204 5214 2bb2f80 5203->5214 5218 2bc06fe 5203->5218 5204->4381 5207 2bb8581 5206->5207 5208 2bbeb52 GetPEB 5207->5208 5209 2bb862b 5208->5209 5209->4382 5211 2bd29a3 5210->5211 5212 2bbeb52 GetPEB 5211->5212 5213 2bd2a27 5212->5213 5213->5193 5215 2bb2f9f 5214->5215 5216 2bbeb52 GetPEB 5215->5216 5217 2bb3039 5216->5217 5217->5203 5219 2bc071c 5218->5219 5220 2bbeb52 GetPEB 5219->5220 5221 2bc07dc 5220->5221 5221->5203 4017 2bcbefd 4030 2bc09dd 4017->4030 4020 2bd061d 2 API calls 4022 2bcc1b8 4020->4022 4021 2bcc229 4022->4021 4034 2bce1f8 4022->4034 4024 2bcc1d6 4025 2bd2d0a GetPEB 4024->4025 4026 2bcc1ff 4025->4026 4038 2bcfecb 4026->4038 4031 2bc09f3 4030->4031 4032 2bbeb52 GetPEB 4031->4032 4033 2bc0a85 4032->4033 4033->4020 4035 2bce211 4034->4035 4046 2bbc5d8 4035->4046 4037 2bce2da 4037->4024 4037->4037 4039 2bcfee3 4038->4039 4058 2bd2b09 4039->4058 4042 2bbd061 4043 2bbd07a 4042->4043 4044 2bbeb52 GetPEB 4043->4044 4045 2bbd141 4044->4045 4045->4021 4051 2bd28eb 4046->4051 4052 2bbeb52 GetPEB 4051->4052 4053 2bbc69c 4052->4053 4054 2bc648a 4053->4054 4055 2bc64a6 4054->4055 4056 2bbeb52 GetPEB 4055->4056 4057 2bbc6b1 4056->4057 4057->4037 4059 2bd2b1f 4058->4059 4060 2bd28eb GetPEB 4059->4060 4061 2bd2bd9 4060->4061 4064 2bc0c2a 4061->4064 4065 2bc0c42 4064->4065 4066 2bbeb52 GetPEB 4065->4066 4067 2bc0ce9 4066->4067 4067->4042 4068 2bd36aa 4078 2bd3bc2 4068->4078 4069 2bbc5d8 GetPEB 4069->4078 4070 2bd2b09 GetPEB 4070->4078 4071 2bd0db1 GetPEB 4071->4078 4072 2bd3df0 4073 2bd1538 GetPEB 4072->4073 4074 2bd3dee 4073->4074 4075 2bc09dd GetPEB 4075->4078 4078->4069 4078->4070 4078->4071 4078->4072 4078->4074 4078->4075 4080 2bd061d 2 API calls 4078->4080 4081 2bd45ca 4078->4081 4085 2bce406 4078->4085 4089 2bd27bc 4078->4089 4080->4078 4082 2bd45fd 4081->4082 4083 2bbeb52 GetPEB 4082->4083 4084 2bd46a3 4083->4084 4084->4078 4086 2bce434 4085->4086 4087 2bbeb52 GetPEB 4086->4087 4088 2bce4c9 4087->4088 4088->4078 4090 2bd27cf 4089->4090 4091 2bbeb52 GetPEB 4090->4091 4092 2bd2873 4091->4092 4092->4078 4093 2bb1a2c 4094 2bb1a59 4093->4094 4095 2bbeb52 GetPEB 4094->4095 4096 2bb1aeb 4095->4096 3909 2bc6395 3910 2bc6453 3909->3910 3914 2bc647e 3909->3914 3915 2bcefdd 3910->3915 3925 2bcf548 3915->3925 3919 2bcf760 3954 2bc85ff 3919->3954 3920 2bc6466 3920->3914 3928 2bcd11a 3920->3928 3923 2bce1f8 GetPEB 3923->3925 3925->3919 3925->3920 3925->3923 3926 2bcfecb GetPEB 3925->3926 3931 2bd061d 3925->3931 3935 2bb1a34 3925->3935 3939 2bd0db1 3925->3939 3943 2bd2d0a 3925->3943 3947 2bcfe2a 3925->3947 3951 2bbc307 3925->3951 3926->3925 3929 2bbeb52 GetPEB 3928->3929 3930 2bcd1b1 3929->3930 3930->3914 3932 2bd0636 3931->3932 3964 2bbeb52 3932->3964 3936 2bb1a59 3935->3936 3937 2bbeb52 GetPEB 3936->3937 3938 2bb1aeb 3937->3938 3938->3925 3940 2bd0dcc 3939->3940 3994 2bcbb96 3940->3994 3944 2bd2d2f 3943->3944 3998 2bd31aa 3944->3998 3948 2bcfe3d 3947->3948 4001 2bbc28c 3948->4001 3952 2bbeb52 GetPEB 3951->3952 3953 2bbc39e 3952->3953 3953->3925 3955 2bc8626 3954->3955 3956 2bcfe2a GetPEB 3955->3956 3957 2bc878e 3956->3957 4009 2bd2c24 3957->4009 3960 2bc87d2 3960->3920 3963 2bd1538 GetPEB 3963->3960 3965 2bbebf7 3964->3965 3966 2bbec1b lstrcmpiW 3964->3966 3970 2bc567b 3965->3970 3966->3925 3968 2bbec06 3973 2bbec31 3968->3973 3977 2bbf7f7 GetPEB 3970->3977 3972 2bc573b 3972->3968 3974 2bbec50 3973->3974 3975 2bbed2e 3974->3975 3978 2bb7e79 3974->3978 3975->3966 3977->3972 3979 2bb7fa7 3978->3979 3986 2bb801a 3979->3986 3982 2bb7fe4 3984 2bbec31 GetPEB 3982->3984 3985 2bb8011 3982->3985 3984->3985 3985->3975 3987 2bb802d 3986->3987 3988 2bbeb52 GetPEB 3987->3988 3989 2bb7fcb 3988->3989 3989->3982 3990 2bb483c 3989->3990 3991 2bb484c 3990->3991 3992 2bbeb52 GetPEB 3991->3992 3993 2bb48d1 3992->3993 3993->3982 3995 2bcbbbe 3994->3995 3996 2bbeb52 GetPEB 3995->3996 3997 2bcbc5c 3996->3997 3997->3925 3999 2bbeb52 GetPEB 3998->3999 4000 2bd2d4b 3999->4000 4000->3925 4002 2bbc2a9 4001->4002 4005 2bb76e0 4002->4005 4006 2bb76f8 4005->4006 4007 2bbeb52 GetPEB 4006->4007 4008 2bb7793 4007->4008 4008->3925 4010 2bd2c57 4009->4010 4011 2bbeb52 GetPEB 4010->4011 4012 2bc87c7 4011->4012 4012->3960 4013 2bd1538 4012->4013 4014 2bd1548 4013->4014 4015 2bbeb52 GetPEB 4014->4015 4016 2bc87ec 4015->4016 4016->3963 4097 2bca2a5 4098 2bca419 4097->4098 4099 2bca467 4098->4099 4105 2bc4244 4098->4105 4101 2bca434 4109 2bd3560 4101->4109 4104 2bcfecb GetPEB 4104->4099 4106 2bc425e 4105->4106 4107 2bbc5d8 GetPEB 4106->4107 4108 2bc430e 4107->4108 4108->4101 4108->4108 4110 2bd357f 4109->4110 4111 2bca44b 4110->4111 4113 2bcbddd 4110->4113 4111->4104 4114 2bcbdf6 4113->4114 4115 2bbeb52 GetPEB 4114->4115 4116 2bcbe7e 4115->4116 4116->4110

                                                                                                          Executed Functions

                                                                                                          Function 02BCEFDD, Relevance: 12.9, Strings: 10, Instructions: 360COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BCEFDD() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed short* _t381;
				signed int _t393;
				signed int _t395;
				signed int _t397;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t415;
				signed int* _t444;
				void* _t445;
				signed int _t449;
				signed int _t450;
				signed short* _t451;
				signed int* _t452;

				_t452 =  &_v1720;
				_v1648 = 0xf9e68a;
				_v1648 = _v1648 ^ 0xa89cfd85;
				_v1648 = _v1648 | 0xe1599fd2;
				_v1648 = _v1648 ^ 0xe97d9ff6;
				_v1592 = 0x52ca29;
				_v1592 = _v1592 + 0xa8c7;
				_v1592 = _v1592 ^ 0x005b0974;
				_v1632 = 0x5fd17f;
				_t397 = 0x55;
				_v1632 = _v1632 / _t397;
				_v1632 = _v1632 + 0x4a14;
				_t395 = 0;
				_v1632 = _v1632 ^ 0x0007d59d;
				_t445 = 0x5f4d19a;
				_v1584 = 0xb2803c;
				_t398 = 0x15;
				_v1584 = _v1584 / _t398;
				_v1584 = _v1584 ^ 0x0001d429;
				_v1700 = 0x18b17c;
				_v1700 = _v1700 >> 4;
				_v1700 = _v1700 << 0xb;
				_v1700 = _v1700 | 0x5bcbde76;
				_v1700 = _v1700 ^ 0x5fd8859a;
				_v1716 = 0x3ed9a0;
				_v1716 = _v1716 >> 2;
				_v1716 = _v1716 | 0xf2214935;
				_v1716 = _v1716 + 0xffff6098;
				_v1716 = _v1716 ^ 0xf2246cf7;
				_v1616 = 0xd3100b;
				_v1616 = _v1616 << 0xb;
				_v1616 = _v1616 ^ 0x988d1f7d;
				_v1576 = 0x49dab3;
				_t399 = 0x41;
				_v1576 = _v1576 / _t399;
				_v1576 = _v1576 ^ 0x00091b0c;
				_v1604 = 0x610b2e;
				_v1604 = _v1604 >> 3;
				_v1604 = _v1604 ^ 0x000d4028;
				_v1708 = 0x5e4148;
				_v1708 = _v1708 * 0x7c;
				_v1708 = _v1708 + 0x543c;
				_v1708 = _v1708 * 0x6e;
				_v1708 = _v1708 ^ 0x9e2c7101;
				_v1580 = 0x8fa7d1;
				_v1580 = _v1580 | 0x5a90bc2e;
				_v1580 = _v1580 ^ 0x5a99780a;
				_v1644 = 0xdfbfec;
				_v1644 = _v1644 ^ 0x5e27e596;
				_v1644 = _v1644 + 0xffff45c7;
				_v1644 = _v1644 ^ 0x5efb0694;
				_v1652 = 0xa5c8eb;
				_v1652 = _v1652 ^ 0x9b43bc99;
				_v1652 = _v1652 * 0x26;
				_v1652 = _v1652 ^ 0x243194e2;
				_v1596 = 0xb87d2a;
				_v1596 = _v1596 ^ 0x06815b6e;
				_v1596 = _v1596 ^ 0x0639024b;
				_v1568 = 0xf0e227;
				_v1568 = _v1568 * 0x3d;
				_v1568 = _v1568 ^ 0x396ce50f;
				_v1572 = 0x747c0d;
				_v1572 = _v1572 + 0xffffb798;
				_v1572 = _v1572 ^ 0x0071a7b9;
				_v1656 = 0x3795ed;
				_v1656 = _v1656 | 0xbce94746;
				_t400 = 0x26;
				_v1656 = _v1656 / _t400;
				_v1656 = _v1656 ^ 0x04ffd641;
				_v1628 = 0xc97098;
				_t401 = 0x3f;
				_v1628 = _v1628 / _t401;
				_v1628 = _v1628 << 2;
				_v1628 = _v1628 ^ 0x0000c1e6;
				_v1664 = 0x186675;
				_v1664 = _v1664 + 0x5979;
				_v1664 = _v1664 + 0xda5e;
				_v1664 = _v1664 ^ 0x0013e2ca;
				_v1672 = 0x37994d;
				_t402 = 0x3c;
				_v1672 = _v1672 / _t402;
				_v1672 = _v1672 << 6;
				_v1672 = _v1672 ^ 0x0033bfe5;
				_v1588 = 0x8a41f;
				_v1588 = _v1588 ^ 0x744a78fd;
				_v1588 = _v1588 ^ 0x744e2179;
				_v1720 = 0x535779;
				_v1720 = _v1720 << 0xd;
				_v1720 = _v1720 + 0x4332;
				_v1720 = _v1720 + 0x735f;
				_v1720 = _v1720 ^ 0x6aed3196;
				_v1692 = 0x449a24;
				_t403 = 0x7f;
				_v1692 = _v1692 / _t403;
				_v1692 = _v1692 >> 0xb;
				_v1692 = _v1692 | 0x1a1cc036;
				_v1692 = _v1692 ^ 0x1a141e74;
				_v1680 = 0xcbdb4c;
				_t404 = 0x32;
				_v1680 = _v1680 / _t404;
				_v1680 = _v1680 + 0xffff62cd;
				_v1680 = _v1680 ^ 0x0005b6c2;
				_v1712 = 0x490fe1;
				_v1712 = _v1712 + 0xffff5c72;
				_v1712 = _v1712 | 0x8d0799de;
				_v1712 = _v1712 + 0xd1c7;
				_v1712 = _v1712 ^ 0x8d59d7bd;
				_v1564 = 0xeb31a6;
				_v1564 = _v1564 + 0x9db9;
				_v1564 = _v1564 ^ 0x00ef2ed2;
				_v1636 = 0x2bc790;
				_v1636 = _v1636 << 0xd;
				_v1636 = _v1636 + 0xc361;
				_v1636 = _v1636 ^ 0x78fc9b03;
				_v1608 = 0x9c27ff;
				_t405 = 0x79;
				_v1608 = _v1608 / _t405;
				_v1608 = _v1608 ^ 0x00083646;
				_v1612 = 0x2811b5;
				_v1612 = _v1612 << 7;
				_v1612 = _v1612 ^ 0x140bb062;
				_v1704 = 0x10f563;
				_v1704 = _v1704 << 7;
				_v1704 = _v1704 + 0x8e91;
				_v1704 = _v1704 >> 1;
				_v1704 = _v1704 ^ 0x043150d1;
				_v1668 = 0xd17281;
				_v1668 = _v1668 + 0xffff6975;
				_v1668 = _v1668 * 5;
				_v1668 = _v1668 ^ 0x041d3199;
				_v1676 = 0x45cf94;
				_v1676 = _v1676 | 0xf5b6f9ff;
				_v1676 = _v1676 ^ 0xf5f7fea4;
				_v1640 = 0xed0f5a;
				_v1640 = _v1640 | 0x16dcab92;
				_v1640 = _v1640 ^ 0xea8ad617;
				_v1640 = _v1640 ^ 0xfc77378a;
				_v1684 = 0xfd4b0d;
				_v1684 = _v1684 ^ 0xf5deb09c;
				_v1684 = _v1684 * 0x14;
				_v1684 = _v1684 ^ 0x26c6ef50;
				_v1600 = 0xb07e76;
				_v1600 = _v1600 + 0x891d;
				_v1600 = _v1600 ^ 0x00bcbcf5;
				_v1660 = 0xdc9573;
				_v1660 = _v1660 | 0xf03871f4;
				_v1660 = _v1660 >> 9;
				_v1660 = _v1660 ^ 0x0071eac7;
				_v1620 = 0x8203d2;
				_v1620 = _v1620 ^ 0xa8466021;
				_v1620 = _v1620 ^ 0xa8c8da0e;
				_v1688 = 0x3e6237;
				_v1688 = _v1688 + 0x1a50;
				_v1688 = _v1688 >> 3;
				_t451 = _v1620;
				_v1688 = _v1688 * 0x2f;
				_v1688 = _v1688 ^ 0x0160f017;
				_v1696 = 0x29d1f1;
				_v1696 = _v1696 + 0xffffde63;
				_v1696 = _v1696 + 0xffff46cf;
				_v1696 = _v1696 * 0x14;
				_v1696 = _v1696 ^ 0x033cdd59;
				_v1624 = 0xc011c7;
				_v1624 = _v1624 + 0xffff119f;
				_v1624 = _v1624 >> 7;
				_v1624 = _v1624 ^ 0x00036cbb;
				while(_t445 != 0x2906f2f) {
					if(_t445 == 0x5f4d19a) {
						E02BCFE2A(_v1592, _v1632, 0x208,  &_v1560);
						_pop(_t405);
						_t445 = 0x2906f2f;
						continue;
					}
					if(_t445 == 0x6d37c50) {
						_t381 = _t451;
						__eflags =  *_t451 - _t395;
						if(__eflags == 0) {
							L17:
							_t445 = 0xfe0ac9e;
							continue;
						} else {
							goto L10;
						}
						do {
							L10:
							__eflags =  *_t381 - 0x2c;
							if( *_t381 != 0x2c) {
								goto L16;
							}
							_t444 =  &_v1560;
							while(1) {
								_t381 =  &(_t381[1]);
								_t415 =  *_t381 & 0x0000ffff;
								__eflags = _t415;
								if(_t415 == 0) {
									break;
								}
								__eflags = _t415 - 0x20;
								if(_t415 == 0x20) {
									break;
								}
								 *_t444 = _t415;
								_t444 =  &(_t444[0]);
								__eflags = _t444;
							}
							_t405 = 0;
							__eflags = 0;
							 *_t444 = 0;
							L16:
							_t381 =  &(_t381[1]);
							__eflags =  *_t381 - _t395;
						} while (__eflags != 0);
						goto L17;
					}
					if(_t445 == 0x88437ca) {
						E02BB1A34(_v1572,  &_v1040, _t405, _t405, _v1656, _v1628, _v1664, _t405, _v1648, _v1672);
						E02BD0DB1(_v1588,  &_v520, __eflags, _v1720, _v1572, _v1692);
						_push(_v1636);
						_push(_v1564);
						_push(_v1712);
						_t449 = E02BCE1F8(0x2bb1160, _v1680, __eflags);
						E02BD2D0A(_v1612, __eflags,  &_v520, _v1704, _v1668, _v1676, 0x2bb1160, _t451,  &_v1040, _t449);
						_t405 = _t449;
						E02BCFECB(_t405, _v1640, _v1684, _v1600, _v1660);
						_t452 =  &(_t452[0x19]);
						_t445 = 0xc3a6a1c;
						continue;
					}
					if(_t445 == 0xc3a6a1c) {
						_push(_t405);
						E02BC85FF(_v1620, _v1688, __eflags, _t395, _t451, _t395, _v1696, _t395, _v1624);
						_t395 = 1;
						__eflags = 1;
						L23:
						return _t395;
					}
					_t462 = _t445 - 0xfe0ac9e;
					if(_t445 == 0xfe0ac9e) {
						_push(_v1576);
						_push(_v1616);
						_push(_v1716);
						_t450 = E02BCE1F8(0x2bb1120, _v1700, _t462);
						_t393 = E02BD061D(_v1604, _t450,  &_v1560, _v1708, _v1580); // executed
						_t405 = _t450;
						asm("sbb edi, edi");
						_t445 = ( ~_t393 & 0x02221bd6) + 0x6621bf4;
						E02BCFECB(_t405, _v1644, _v1652, _v1596, _v1568);
						_t452 =  &(_t452[9]);
					}
					L20:
					if(_t445 != 0x6621bf4) {
						continue;
					}
					goto L23;
				}
				_t451 = E02BBC307();
				_t445 = 0x6d37c50;
				goto L20;
			}

































































                                                                                                          0x02bcefdd
                                                                                                          0x02bcefe3
                                                                                                          0x02bcefed
                                                                                                          0x02bceff5
                                                                                                          0x02bceffd
                                                                                                          0x02bcf005
                                                                                                          0x02bcf010
                                                                                                          0x02bcf01b
                                                                                                          0x02bcf026
                                                                                                          0x02bcf038
                                                                                                          0x02bcf03d
                                                                                                          0x02bcf043
                                                                                                          0x02bcf04b
                                                                                                          0x02bcf04d
                                                                                                          0x02bcf055
                                                                                                          0x02bcf05a
                                                                                                          0x02bcf06c
                                                                                                          0x02bcf071
                                                                                                          0x02bcf07a
                                                                                                          0x02bcf085
                                                                                                          0x02bcf08d
                                                                                                          0x02bcf092
                                                                                                          0x02bcf097
                                                                                                          0x02bcf09f
                                                                                                          0x02bcf0a7
                                                                                                          0x02bcf0af
                                                                                                          0x02bcf0b4
                                                                                                          0x02bcf0bc
                                                                                                          0x02bcf0c4
                                                                                                          0x02bcf0cc
                                                                                                          0x02bcf0d4
                                                                                                          0x02bcf0d9
                                                                                                          0x02bcf0e1
                                                                                                          0x02bcf0f3
                                                                                                          0x02bcf0f6
                                                                                                          0x02bcf0fd
                                                                                                          0x02bcf108
                                                                                                          0x02bcf113
                                                                                                          0x02bcf11b
                                                                                                          0x02bcf126
                                                                                                          0x02bcf133
                                                                                                          0x02bcf137
                                                                                                          0x02bcf144
                                                                                                          0x02bcf148
                                                                                                          0x02bcf150
                                                                                                          0x02bcf15b
                                                                                                          0x02bcf166
                                                                                                          0x02bcf171
                                                                                                          0x02bcf179
                                                                                                          0x02bcf181
                                                                                                          0x02bcf189
                                                                                                          0x02bcf191
                                                                                                          0x02bcf199
                                                                                                          0x02bcf1a6
                                                                                                          0x02bcf1aa
                                                                                                          0x02bcf1b2
                                                                                                          0x02bcf1bd
                                                                                                          0x02bcf1c8
                                                                                                          0x02bcf1d3
                                                                                                          0x02bcf1e6
                                                                                                          0x02bcf1ed
                                                                                                          0x02bcf1f8
                                                                                                          0x02bcf203
                                                                                                          0x02bcf210
                                                                                                          0x02bcf21b
                                                                                                          0x02bcf223
                                                                                                          0x02bcf231
                                                                                                          0x02bcf236
                                                                                                          0x02bcf23c
                                                                                                          0x02bcf244
                                                                                                          0x02bcf250
                                                                                                          0x02bcf255
                                                                                                          0x02bcf25b
                                                                                                          0x02bcf260
                                                                                                          0x02bcf268
                                                                                                          0x02bcf270
                                                                                                          0x02bcf278
                                                                                                          0x02bcf280
                                                                                                          0x02bcf288
                                                                                                          0x02bcf294
                                                                                                          0x02bcf299
                                                                                                          0x02bcf29f
                                                                                                          0x02bcf2a4
                                                                                                          0x02bcf2ac
                                                                                                          0x02bcf2b7
                                                                                                          0x02bcf2c2
                                                                                                          0x02bcf2cd
                                                                                                          0x02bcf2d5
                                                                                                          0x02bcf2da
                                                                                                          0x02bcf2e2
                                                                                                          0x02bcf2ea
                                                                                                          0x02bcf2f2
                                                                                                          0x02bcf2fe
                                                                                                          0x02bcf303
                                                                                                          0x02bcf309
                                                                                                          0x02bcf30e
                                                                                                          0x02bcf316
                                                                                                          0x02bcf31e
                                                                                                          0x02bcf32a
                                                                                                          0x02bcf32f
                                                                                                          0x02bcf335
                                                                                                          0x02bcf33d
                                                                                                          0x02bcf345
                                                                                                          0x02bcf34d
                                                                                                          0x02bcf355
                                                                                                          0x02bcf35d
                                                                                                          0x02bcf365
                                                                                                          0x02bcf36d
                                                                                                          0x02bcf378
                                                                                                          0x02bcf383
                                                                                                          0x02bcf38e
                                                                                                          0x02bcf396
                                                                                                          0x02bcf39b
                                                                                                          0x02bcf3a3
                                                                                                          0x02bcf3ab
                                                                                                          0x02bcf3bd
                                                                                                          0x02bcf3c0
                                                                                                          0x02bcf3c7
                                                                                                          0x02bcf3d2
                                                                                                          0x02bcf3da
                                                                                                          0x02bcf3df
                                                                                                          0x02bcf3e7
                                                                                                          0x02bcf3ef
                                                                                                          0x02bcf3f4
                                                                                                          0x02bcf3fc
                                                                                                          0x02bcf400
                                                                                                          0x02bcf408
                                                                                                          0x02bcf410
                                                                                                          0x02bcf41d
                                                                                                          0x02bcf421
                                                                                                          0x02bcf429
                                                                                                          0x02bcf431
                                                                                                          0x02bcf439
                                                                                                          0x02bcf441
                                                                                                          0x02bcf449
                                                                                                          0x02bcf451
                                                                                                          0x02bcf459
                                                                                                          0x02bcf461
                                                                                                          0x02bcf469
                                                                                                          0x02bcf476
                                                                                                          0x02bcf47a
                                                                                                          0x02bcf482
                                                                                                          0x02bcf48d
                                                                                                          0x02bcf498
                                                                                                          0x02bcf4a3
                                                                                                          0x02bcf4ab
                                                                                                          0x02bcf4b3
                                                                                                          0x02bcf4b8
                                                                                                          0x02bcf4c0
                                                                                                          0x02bcf4c8
                                                                                                          0x02bcf4d0
                                                                                                          0x02bcf4d8
                                                                                                          0x02bcf4e0
                                                                                                          0x02bcf4e8
                                                                                                          0x02bcf4f2
                                                                                                          0x02bcf4f6
                                                                                                          0x02bcf4fa
                                                                                                          0x02bcf502
                                                                                                          0x02bcf50a
                                                                                                          0x02bcf512
                                                                                                          0x02bcf51f
                                                                                                          0x02bcf523
                                                                                                          0x02bcf52b
                                                                                                          0x02bcf533
                                                                                                          0x02bcf53b
                                                                                                          0x02bcf540
                                                                                                          0x02bcf548
                                                                                                          0x02bcf55a
                                                                                                          0x02bcf72e
                                                                                                          0x02bcf734
                                                                                                          0x02bcf735
                                                                                                          0x00000000
                                                                                                          0x02bcf735
                                                                                                          0x02bcf566
                                                                                                          0x02bcf6d1
                                                                                                          0x02bcf6d3
                                                                                                          0x02bcf6d7
                                                                                                          0x02bcf70c
                                                                                                          0x02bcf70c
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bcf6d9
                                                                                                          0x02bcf6d9
                                                                                                          0x02bcf6d9
                                                                                                          0x02bcf6dd
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bcf6df
                                                                                                          0x02bcf6f4
                                                                                                          0x02bcf6f4
                                                                                                          0x02bcf6f7
                                                                                                          0x02bcf6fa
                                                                                                          0x02bcf6fd
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bcf6e8
                                                                                                          0x02bcf6ec
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bcf6ee
                                                                                                          0x02bcf6f1
                                                                                                          0x02bcf6f1
                                                                                                          0x02bcf6f1
                                                                                                          0x02bcf6ff
                                                                                                          0x02bcf6ff
                                                                                                          0x02bcf701
                                                                                                          0x02bcf704
                                                                                                          0x02bcf704
                                                                                                          0x02bcf707
                                                                                                          0x02bcf707
                                                                                                          0x00000000
                                                                                                          0x02bcf6d9
                                                                                                          0x02bcf572
                                                                                                          0x02bcf62f
                                                                                                          0x02bcf64e
                                                                                                          0x02bcf653
                                                                                                          0x02bcf65c
                                                                                                          0x02bcf663
                                                                                                          0x02bcf673
                                                                                                          0x02bcf6a2
                                                                                                          0x02bcf6ab
                                                                                                          0x02bcf6bf
                                                                                                          0x02bcf6c4
                                                                                                          0x02bcf6c7
                                                                                                          0x00000000
                                                                                                          0x02bcf6c7
                                                                                                          0x02bcf57e
                                                                                                          0x02bcf760
                                                                                                          0x02bcf778
                                                                                                          0x02bcf782
                                                                                                          0x02bcf782
                                                                                                          0x02bcf786
                                                                                                          0x02bcf78f
                                                                                                          0x02bcf78f
                                                                                                          0x02bcf584
                                                                                                          0x02bcf58a
                                                                                                          0x02bcf590
                                                                                                          0x02bcf59c
                                                                                                          0x02bcf5a0
                                                                                                          0x02bcf5b4
                                                                                                          0x02bcf5cb
                                                                                                          0x02bcf5d9
                                                                                                          0x02bcf5ef
                                                                                                          0x02bcf5f7
                                                                                                          0x02bcf5fd
                                                                                                          0x02bcf602
                                                                                                          0x02bcf602
                                                                                                          0x02bcf752
                                                                                                          0x02bcf758
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bcf75e
                                                                                                          0x02bcf74b
                                                                                                          0x02bcf74d
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: |t$(@$7b>$<T$HA^$_s$t[$y!Nt$yWS$yY
                                                                                                          • API String ID: 0-3414766599
                                                                                                          • Opcode ID: 86f03dcd11d8696e0fcf05361d526da3ce3edba29874307ad5531566a954fe21
                                                                                                          • Instruction ID: 4760c9dffdae82c4822af24873c0a48fcf36549a29449285be927c7e11470329
                                                                                                          • Opcode Fuzzy Hash: 86f03dcd11d8696e0fcf05361d526da3ce3edba29874307ad5531566a954fe21
                                                                                                          • Instruction Fuzzy Hash: 0A0212715083809FD368CF25C48AA5BBBF2FBC5318F50895EE2D986260D7B59949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD061D, Relevance: 1.3, APIs: 1, Instructions: 52stringCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 46 2bd061d-2bd06eb call 2bcfe29 call 2bbeb52 lstrcmpiW
                                                                                                          C-Code - Quality: 79%
                                                                                                          			E02BD061D(signed int __ecx, WCHAR* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				void* _t44;
				int _t53;
				WCHAR* _t56;

				_push(_a12);
				_t56 = __edx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t44);
				_v24 = _v24 & 0x00000000;
				_v28 = 0xcd60b7;
				_v12 = 0x7257ab;
				_v12 = _v12 << 0xd;
				_v12 = _v12 + 0x8f69;
				_v12 = _v12 * 0x4c;
				_v12 = _v12 ^ 0x410f7a13;
				_v8 = 0x7b4696;
				_v8 = _v8 + 0xffff4950;
				_v8 = _v8 | 0x2a0f624b;
				_v8 = _v8 * 0x3a;
				_v8 = _v8 ^ 0xa0f3ec54;
				_v20 = 0x8a2161;
				_v20 = _v20 + 0xffff45ea;
				_v20 = _v20 ^ 0x1b6c7fa6;
				_v20 = _v20 ^ 0x1be8dede;
				_v16 = 0xdcc12a;
				_v16 = _v16 + 0xb9f4;
				_v16 = _v16 + 0xffffcfef;
				_v16 = _v16 ^ 0x00d9de04;
				E02BBEB52(__ecx, __ecx, 0xb7861dce, 0x3e, 0xa2289af1);
				_t53 = lstrcmpiW(_a4, _t56); // executed
				return _t53;
			}












                                                                                                          0x02bd0624
                                                                                                          0x02bd0627
                                                                                                          0x02bd0629
                                                                                                          0x02bd062c
                                                                                                          0x02bd062f
                                                                                                          0x02bd0630
                                                                                                          0x02bd0631
                                                                                                          0x02bd0636
                                                                                                          0x02bd063d
                                                                                                          0x02bd0644
                                                                                                          0x02bd064b
                                                                                                          0x02bd064f
                                                                                                          0x02bd0667
                                                                                                          0x02bd066a
                                                                                                          0x02bd0671
                                                                                                          0x02bd0678
                                                                                                          0x02bd067f
                                                                                                          0x02bd068b
                                                                                                          0x02bd068e
                                                                                                          0x02bd0695
                                                                                                          0x02bd069c
                                                                                                          0x02bd06a3
                                                                                                          0x02bd06aa
                                                                                                          0x02bd06b1
                                                                                                          0x02bd06b8
                                                                                                          0x02bd06bf
                                                                                                          0x02bd06c6
                                                                                                          0x02bd06d9
                                                                                                          0x02bd06e5
                                                                                                          0x02bd06eb

                                                                                                          APIs
                                                                                                          • lstrcmpiW.KERNELBASE(410F7A13,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 02BD06E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: lstrcmpi
                                                                                                          • String ID:
                                                                                                          • API String ID: 1586166983-0
                                                                                                          • Opcode ID: ef59b29d425997034e4fed527bf505b0074c5b4e8b9fa1c114afddacbc91d9b0
                                                                                                          • Instruction ID: 79143ae3d925a4574c342009f9c2ba3bfa3833fff9b136c6080a60a9944f9922
                                                                                                          • Opcode Fuzzy Hash: ef59b29d425997034e4fed527bf505b0074c5b4e8b9fa1c114afddacbc91d9b0
                                                                                                          • Instruction Fuzzy Hash: 4C21E3B1C01319ABCF14DFA9D9899DEBFB5FB10354F108198E529A6251D3B59B04CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 02BB8636, Relevance: 39.9, Strings: 31, Instructions: 1175COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 51 2bb8636-2bb9aca 52 2bb9ad5-2bb9adb 51->52 53 2bb9f21-2bb9f27 52->53 54 2bb9ae1 52->54 57 2bb9f2d 53->57 58 2bba137-2bba13d 53->58 55 2bb9ae7-2bb9aed 54->55 56 2bba3e5-2bba3f8 call 2bc27f9 54->56 62 2bb9d2c-2bb9d32 55->62 63 2bb9af3 55->63 90 2bba406-2bba40d 56->90 64 2bba11d-2bba132 call 2bbf8a0 57->64 65 2bb9f33-2bb9f39 57->65 59 2bba143 58->59 60 2bba284-2bba28a 58->60 71 2bba27a-2bba27f 59->71 72 2bba149-2bba14f 59->72 76 2bba3a8-2bba3b4 call 2bba445 60->76 77 2bba290-2bba296 60->77 69 2bb9d38 62->69 70 2bb9e70-2bb9e76 62->70 74 2bb9af9-2bb9aff 63->74 75 2bb9d07-2bb9d1c call 2bd0e63 63->75 64->52 66 2bb9f3f 65->66 67 2bb9fd2-2bb9fd8 65->67 81 2bb9fbf-2bb9fcd call 2bcfbde 66->81 82 2bb9f41-2bb9f47 66->82 86 2bba0fb-2bba10d call 2bcad08 67->86 87 2bb9fde-2bb9fe4 67->87 84 2bb9d3e-2bb9d44 69->84 85 2bb9e53-2bb9e65 call 2bc3eaa 69->85 91 2bb9f0b-2bb9f1c call 2bd2009 70->91 92 2bb9e7c-2bb9e82 70->92 71->52 88 2bba151-2bba153 72->88 89 2bba1c4-2bba1ec call 2bce4e5 72->89 93 2bb9c82-2bb9c88 74->93 94 2bb9b05 74->94 75->90 120 2bb9d22-2bb9d27 75->120 97 2bba3b9-2bba3bf 76->97 79 2bba38b-2bba3a3 call 2bc8d3d 77->79 80 2bba29c-2bba2a2 77->80 79->52 80->97 98 2bba2a8-2bba389 call 2bc3d85 * 2 call 2bc9a01 call 2bcfecb * 2 80->98 81->52 114 2bba3fa-2bba401 call 2bba417 82->114 115 2bb9f4d-2bb9f53 82->115 100 2bb9d4a-2bb9d50 84->100 101 2bb9e2e-2bb9e43 call 2bbbdf9 84->101 85->70 86->90 161 2bba113-2bba118 86->161 102 2bb9fea-2bb9ff0 87->102 103 2bba0dd-2bba0eb call 2bc4a66 87->103 104 2bba1a2-2bba1bf call 2bb5386 88->104 105 2bba155-2bba15b 88->105 170 2bba1ee-2bba1f2 89->170 171 2bba1f4-2bba1fd 89->171 91->52 118 2bb9ef8-2bb9f06 call 2bb4b5d 92->118 119 2bb9e84-2bb9e8a 92->119 112 2bb9c8e-2bb9c94 93->112 113 2bba3c7-2bba3e3 call 2bd17bd 93->113 108 2bb9b0b-2bb9b11 94->108 109 2bb9c42-2bb9c7d call 2bb77a3 94->109 97->52 139 2bba3c5 97->139 98->97 123 2bb9dcf-2bb9e29 call 2bba40e call 2bcd1bc 100->123 124 2bb9d52-2bb9d58 100->124 101->90 186 2bb9e49-2bb9e4e 101->186 125 2bba048-2bba077 call 2bb55ff 102->125 126 2bb9ff2-2bb9ff8 102->126 103->90 187 2bba0f1-2bba0f6 103->187 104->52 127 2bba17e-2bba19d call 2bcc387 105->127 128 2bba15d-2bba163 105->128 134 2bb9be8-2bb9bfd call 2bb670b 108->134 135 2bb9b17-2bb9b1d 108->135 109->52 137 2bb9cf1-2bb9d02 call 2bd2699 112->137 138 2bb9c96-2bb9c9c 112->138 113->90 114->90 140 2bb9fa9-2bb9fba call 2bcc5d5 115->140 141 2bb9f55-2bb9f5b 115->141 118->52 148 2bb9e8c-2bb9e92 119->148 149 2bb9ec2-2bb9ef3 call 2bce955 call 2bcd111 119->149 120->52 123->52 151 2bb9d5a-2bb9d60 124->151 152 2bb9db7-2bb9dca 124->152 204 2bba079-2bba0ab call 2bccca0 125->204 205 2bba0b0-2bba0ba 125->205 126->97 153 2bb9ffe-2bba043 call 2bd0e63 call 2bccca0 126->153 127->52 128->97 165 2bba169-2bba179 128->165 213 2bb9bff-2bb9c1d call 2bcd111 134->213 214 2bb9c22-2bb9c3d call 2bcd111 134->214 156 2bb9bc3-2bb9bd8 call 2bc2142 135->156 157 2bb9b23-2bb9b29 135->157 137->52 172 2bb9c9e-2bb9ca4 138->172 173 2bb9cd4-2bb9cec call 2bb30e7 138->173 139->90 140->52 174 2bb9f8f-2bb9fa4 call 2bbd14c 141->174 175 2bb9f5d-2bb9f63 141->175 148->97 162 2bb9e98-2bb9ebd call 2bbde74 148->162 149->52 151->97 180 2bb9d66-2bb9db2 call 2bcc37e call 2bcbd13 151->180 152->52 248 2bb9cca-2bb9ccf 153->248 156->90 230 2bb9bde-2bb9be3 156->230 184 2bb9b2b-2bb9b31 157->184 185 2bb9b61-2bb9b68 157->185 161->52 162->52 165->52 193 2bba26e-2bba275 170->193 195 2bba1ff-2bba22f call 2bccca0 171->195 196 2bba236-2bba239 171->196 172->97 194 2bb9caa-2bb9cc9 call 2bd2b09 172->194 173->52 174->52 175->97 197 2bb9f69-2bb9f77 call 2bcd111 175->197 180->52 184->97 207 2bb9b37-2bb9b5c call 2bd2b09 184->207 208 2bb9b6a-2bb9ba4 call 2bba40e call 2bd1028 185->208 209 2bb9bbc-2bb9bbe 185->209 186->52 187->52 193->52 194->248 195->196 196->193 218 2bba23b-2bba26c call 2bccca0 196->218 249 2bb9f79-2bb9f80 call 2bbc6b8 197->249 250 2bb9f85-2bb9f8a 197->250 204->250 226 2bba0bc-2bba0c1 205->226 227 2bba0c6-2bba0c8 205->227 207->52 259 2bb9bb0-2bb9bb7 call 2bc4f74 208->259 260 2bb9ba6-2bb9bab 208->260 209->97 213->52 214->52 218->193 226->52 243 2bba0ca-2bba0cd 227->243 244 2bba0d3-2bba0d8 227->244 230->52 243->244 243->250 244->52 248->52 249->250 250->52 259->209 260->52
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02BB8636() {
				signed int _v12;
				signed int _v20;
				intOrPtr _v24;
				signed int _v44;
				char _v56;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				char _v100;
				char _v108;
				signed int _v144;
				char _v152;
				char _v160;
				char _v164;
				char _v168;
				char _v172;
				char _v176;
				signed int _v180;
				signed int _v184;
				unsigned int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				unsigned int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				unsigned int _v268;
				unsigned int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				unsigned int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				unsigned int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				unsigned int _v488;
				signed int _v492;
				signed int _v496;
				signed int _v500;
				signed int _v504;
				signed int _v508;
				signed int _v512;
				signed int _v516;
				signed int _v520;
				signed int _v524;
				unsigned int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				unsigned int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				unsigned int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				unsigned int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				unsigned int _v676;
				signed int _t1259;
				signed int _t1287;
				signed int _t1299;
				signed int _t1310;
				signed int _t1340;
				signed int _t1341;
				signed int _t1343;
				signed int _t1344;
				signed int _t1345;
				signed int _t1346;
				signed int _t1347;
				signed int _t1348;
				signed int _t1349;
				signed int _t1350;
				signed int _t1351;
				signed int _t1352;
				signed int _t1353;
				signed int _t1354;
				signed int _t1355;
				signed int _t1356;
				signed int _t1357;
				signed int _t1358;
				signed int _t1359;
				signed int _t1360;
				signed int _t1361;
				signed int _t1362;
				signed int _t1363;
				signed int _t1364;
				signed int _t1365;
				signed int _t1384;
				signed int _t1465;
				signed int _t1466;
				signed int _t1469;
				signed int _t1482;
				signed int _t1495;
				signed int _t1498;
				void* _t1500;
				void* _t1504;
				void* _t1505;
				void* _t1506;

				_t1500 = (_t1498 & 0xfffffff8) - 0x2a0;
				_v548 = 0x612d76;
				_v548 = _v548 + 0xffffb226;
				_v548 = _v548 ^ 0x25733830;
				_v548 = _v548 + 0x94f7;
				_v548 = _v548 ^ 0x25147da1;
				_v608 = 0x8e6410;
				_v608 = _v608 | 0x5e5673b6;
				_v608 = _v608 ^ 0x9913f1ef;
				_v608 = _v608 * 0x3a;
				_t1469 = 0xe6d4a04;
				_v608 = _v608 ^ 0x4490702a;
				_v332 = 0x40e6a4;
				_v332 = _v332 ^ 0x1ba14b53;
				_v332 = _v332 ^ 0x1be1adf7;
				_v388 = 0xd7ca30;
				_t1343 = 0x42;
				_v388 = _v388 / _t1343;
				_v388 = _v388 + 0x3798;
				_v388 = _v388 ^ 0x000f1b75;
				_v216 = 0xd7fc5;
				_v216 = _v216 >> 1;
				_v216 = _v216 ^ 0x0004b337;
				_v516 = 0x59f14d;
				_v516 = _v516 >> 0xf;
				_t1344 = 0x4a;
				_v516 = _v516 / _t1344;
				_v516 = _v516 << 0xb;
				_v516 = _v516 ^ 0x00046054;
				_v304 = 0xedc603;
				_v304 = _v304 + 0xffffc02b;
				_v304 = _v304 ^ 0x00efeb53;
				_v232 = 0x637592;
				_t1465 = 0x6f;
				_t1345 = 0x31;
				_v232 = _v232 * 0x71;
				_v232 = _v232 ^ 0x2bef3074;
				_v372 = 0x919268;
				_v372 = _v372 << 9;
				_v372 = _v372 + 0x904f;
				_v372 = _v372 ^ 0x2324b0cf;
				_v484 = 0x568eb3;
				_v484 = _v484 * 0x42;
				_v484 = _v484 / _t1465;
				_v484 = _v484 ^ 0x0034ded9;
				_v472 = 0x365886;
				_v472 = _v472 << 0xc;
				_v472 = _v472 + 0xffff5d21;
				_v472 = _v472 ^ 0x6583ba5b;
				_v436 = 0xdfd34b;
				_v436 = _v436 / _t1345;
				_v436 = _v436 | 0x191717ac;
				_v436 = _v436 ^ 0x1914e100;
				_v196 = 0xd88df0;
				_t1346 = 0x15;
				_v196 = _v196 / _t1346;
				_v196 = _v196 ^ 0x0009e710;
				_v356 = 0xb64ed2;
				_v356 = _v356 >> 0xd;
				_t1340 = 0x1c;
				_t1347 = 0x51;
				_v356 = _v356 * 0x63;
				_v356 = _v356 ^ 0x0006dcaa;
				_v336 = 0x65c0e5;
				_v336 = _v336 * 0x7a;
				_v336 = _v336 >> 3;
				_v336 = _v336 ^ 0x060f054d;
				_v492 = 0x31a1;
				_v492 = _v492 ^ 0x5b528d22;
				_v492 = _v492 << 5;
				_v492 = _v492 ^ 0x6a59b43c;
				_v652 = 0x40a60;
				_v652 = _v652 | 0x6178721b;
				_v652 = _v652 + 0x8e9b;
				_v652 = _v652 / _t1340;
				_v652 = _v652 ^ 0x037a42dd;
				_v272 = 0xf0169f;
				_v272 = _v272 >> 5;
				_v272 = _v272 ^ 0x0004695a;
				_v528 = 0x24fae7;
				_v528 = _v528 ^ 0xfec3499d;
				_v528 = _v528 << 0xf;
				_v528 = _v528 >> 0xc;
				_v528 = _v528 ^ 0x0001af4c;
				_v188 = 0x9b8757;
				_v188 = _v188 >> 4;
				_v188 = _v188 ^ 0x000b2d6a;
				_v256 = 0x948fd;
				_v256 = _v256 ^ 0xf30bafdb;
				_v256 = _v256 ^ 0xf30b6e1f;
				_v464 = 0x93fe09;
				_v464 = _v464 / _t1347;
				_t1348 = 0x23;
				_v464 = _v464 * 0x7a;
				_v464 = _v464 ^ 0x00d327e8;
				_v648 = 0xd540cd;
				_v648 = _v648 * 0x5c;
				_v648 = _v648 >> 0xb;
				_v648 = _v648 / _t1348;
				_v648 = _v648 ^ 0x0005d45a;
				_v540 = 0x2acc1;
				_v540 = _v540 >> 7;
				_v540 = _v540 << 0x10;
				_t1349 = 0x59;
				_v540 = _v540 / _t1349;
				_v540 = _v540 ^ 0x000fef6f;
				_v264 = 0xfe7d93;
				_v264 = _v264 ^ 0x4bd787a7;
				_v264 = _v264 ^ 0x4b22b45d;
				_v208 = 0x23d5c9;
				_v208 = _v208 ^ 0x8f5a829d;
				_v208 = _v208 ^ 0x8f7555ae;
				_v524 = 0x2aaed2;
				_v524 = _v524 | 0x9661325e;
				_t1495 = 0x5c;
				_v524 = _v524 / _t1495;
				_v524 = _v524 * 0x63;
				_v524 = _v524 ^ 0xa1d330ca;
				_v612 = 0x173148;
				_v612 = _v612 >> 5;
				_v612 = _v612 + 0x14e7;
				_v612 = _v612 / _t1349;
				_v612 = _v612 ^ 0x0000773b;
				_v620 = 0xe48585;
				_v620 = _v620 << 0x10;
				_v620 = _v620 * 0x32;
				_v620 = _v620 >> 7;
				_v620 = _v620 ^ 0x0028030c;
				_v500 = 0xfd3bdc;
				_v500 = _v500 << 0xa;
				_v500 = _v500 ^ 0xf4e13163;
				_v520 = 0xe4fc5f;
				_v520 = _v520 + 0xa13e;
				_v520 = _v520 + 0xffff7828;
				_v520 = _v520 ^ 0x4d340404;
				_v520 = _v520 ^ 0x4dd63175;
				_v360 = 0x9532ce;
				_v360 = _v360 ^ 0xdad74cca;
				_v360 = _v360 | 0x8468d9e2;
				_v360 = _v360 ^ 0xde69f572;
				_v604 = 0x3a7c91;
				_v604 = _v604 | 0x10f1a45d;
				_v604 = _v604 + 0xffff6d1e;
				_v604 = _v604 | 0x776d764a;
				_v604 = _v604 ^ 0x77f7c5e5;
				_v212 = 0x6e3f57;
				_t279 =  &_v212; // 0x6e3f57
				_v212 =  *_t279 * 3;
				_v212 = _v212 ^ 0x01468193;
				_v220 = 0x58f789;
				_v220 = _v220 << 5;
				_v220 = _v220 ^ 0x0b1ef21b;
				_v236 = 0x737654;
				_v236 = _v236 + 0xe2b4;
				_v236 = _v236 ^ 0x0073a4da;
				_v416 = 0xc8c3a8;
				_v416 = _v416 ^ 0x4478b906;
				_v416 = _v416 * 0xc;
				_v416 = _v416 ^ 0x384ff3ff;
				_v576 = 0x407f47;
				_v576 = _v576 + 0x1a0d;
				_v576 = _v576 * 0x63;
				_v576 = _v576 << 2;
				_v576 = _v576 ^ 0x63e80fef;
				_v228 = 0x9b4b6;
				_v228 = _v228 + 0xffffd2d4;
				_v228 = _v228 ^ 0x000d2243;
				_v552 = 0xb96e33;
				_v552 = _v552 + 0x4381;
				_v552 = _v552 * 0xf;
				_v552 = _v552 + 0xffffbee9;
				_v552 = _v552 ^ 0x0ae545e5;
				_v560 = 0xe19e88;
				_v560 = _v560 | 0xc222c343;
				_v560 = _v560 / _t1465;
				_v560 = _v560 + 0x567c;
				_v560 = _v560 ^ 0x01c941bb;
				_v568 = 0xf463df;
				_v568 = _v568 | 0x401122c6;
				_v568 = _v568 >> 3;
				_v568 = _v568 | 0xf3373c61;
				_v568 = _v568 ^ 0xfb38c632;
				_v392 = 0xa88994;
				_v392 = _v392 >> 2;
				_v392 = _v392 + 0xfffffc92;
				_v392 = _v392 ^ 0x002883f3;
				_v544 = 0x16009;
				_v544 = _v544 ^ 0x700f0ae7;
				_v544 = _v544 << 0xd;
				_v544 = _v544 + 0xffffa581;
				_v544 = _v544 ^ 0xcd57c12d;
				_v400 = 0x4e3251;
				_v400 = _v400 << 0xd;
				_v400 = _v400 << 0xb;
				_v400 = _v400 ^ 0x510ef6f0;
				_v408 = 0xce49b4;
				_v408 = _v408 / _t1340;
				_v408 = _v408 | 0xa9ee0ad6;
				_v408 = _v408 ^ 0xa9ed29cd;
				_v368 = 0xfab4ff;
				_v368 = _v368 ^ 0x8bb4f731;
				_v368 = _v368 + 0x4788;
				_v368 = _v368 ^ 0x8b4dbddc;
				_v376 = 0x3b857d;
				_v376 = _v376 + 0xd8be;
				_v376 = _v376 ^ 0x0c7e0de1;
				_v376 = _v376 ^ 0x0c4b703c;
				_v384 = 0x702b67;
				_v384 = _v384 + 0x7016;
				_v384 = _v384 | 0xc6195e9d;
				_v384 = _v384 ^ 0xc67058d5;
				_v536 = 0xd092b2;
				_v536 = _v536 + 0xffff63c4;
				_v536 = _v536 | 0x81cb3080;
				_v536 = _v536 ^ 0x4ecdb7ae;
				_v536 = _v536 ^ 0xcf0bdc69;
				_v248 = 0xf8c39f;
				_v248 = _v248 | 0x0e89bf31;
				_v248 = _v248 ^ 0x0ef3b328;
				_v556 = 0x54f798;
				_v556 = _v556 >> 2;
				_v556 = _v556 ^ 0xd52f7ed0;
				_v556 = _v556 >> 6;
				_v556 = _v556 ^ 0x03531d7d;
				_v672 = 0xe1b7ad;
				_t1350 = 0x7a;
				_v672 = _v672 / _t1350;
				_v672 = _v672 << 0xc;
				_t1351 = 0xa;
				_v672 = _v672 / _t1351;
				_v672 = _v672 ^ 0x02f2c9f1;
				_v676 = 0xf0d76a;
				_v676 = _v676 >> 3;
				_v676 = _v676 + 0xffffb109;
				_v676 = _v676 >> 4;
				_v676 = _v676 ^ 0x0006f826;
				_v200 = 0xd1b71d;
				_t1352 = 0x7c;
				_v200 = _v200 / _t1352;
				_v200 = _v200 ^ 0x0006a6d0;
				_v596 = 0x496d6a;
				_t459 =  &_v596; // 0x496d6a
				_v596 =  *_t459 * 0x6b;
				_v596 = _v596 + 0xbb66;
				_v596 = _v596 + 0xffff602d;
				_v596 = _v596 ^ 0x1ebb8efb;
				_v404 = 0xf3863;
				_v404 = _v404 >> 0xe;
				_t1353 = 0x2a;
				_v404 = _v404 / _t1353;
				_v404 = _v404 ^ 0x00094758;
				_v476 = 0x611fd8;
				_v476 = _v476 | 0xb878f5dc;
				_v476 = _v476 + 0xad5b;
				_v476 = _v476 ^ 0xb87809fa;
				_v460 = 0xcf43a7;
				_v460 = _v460 ^ 0xdec9221b;
				_v460 = _v460 ^ 0xf00bdbd0;
				_v460 = _v460 ^ 0x2e089b39;
				_v340 = 0x6e2519;
				_v340 = _v340 + 0xffff23bc;
				_v340 = _v340 + 0xffffab38;
				_v340 = _v340 ^ 0x00658e81;
				_v468 = 0x6e95b3;
				_v468 = _v468 | 0xe42d871f;
				_v468 = _v468 + 0xffff0334;
				_v468 = _v468 ^ 0xe4661c95;
				_v184 = 0x976a3e;
				_v184 = _v184 >> 2;
				_v184 = _v184 ^ 0x002fb3e7;
				_v640 = 0xf929b2;
				_v640 = _v640 >> 4;
				_v640 = _v640 + 0x46ec;
				_t1354 = 0x4e;
				_v640 = _v640 * 0x14;
				_v640 = _v640 ^ 0x013b9ce5;
				_v288 = 0x293a87;
				_v288 = _v288 * 0x1a;
				_v288 = _v288 ^ 0x042f344b;
				_v300 = 0x77766c;
				_v300 = _v300 + 0xffff170c;
				_v300 = _v300 ^ 0x007d4cee;
				_v308 = 0x8e9aa4;
				_v308 = _v308 / _t1354;
				_v308 = _v308 ^ 0x00052c4e;
				_v456 = 0x218ab6;
				_v456 = _v456 / _t1340;
				_v456 = _v456 << 8;
				_v456 = _v456 ^ 0x0138796e;
				_v632 = 0x66de5e;
				_v632 = _v632 + 0xffff10e7;
				_v632 = _v632 << 8;
				_v632 = _v632 + 0xffffeb43;
				_v632 = _v632 ^ 0x65e84e4c;
				_v412 = 0x242a03;
				_v412 = _v412 << 3;
				_v412 = _v412 >> 4;
				_v412 = _v412 ^ 0x00169ab3;
				_v580 = 0x395796;
				_v580 = _v580 << 7;
				_v580 = _v580 >> 9;
				_v580 = _v580 + 0xb065;
				_v580 = _v580 ^ 0x000e083d;
				_v192 = 0xd019c8;
				_t1355 = 0x29;
				_v192 = _v192 / _t1355;
				_v192 = _v192 ^ 0x000d0418;
				_v364 = 0x5114b6;
				_v364 = _v364 << 9;
				_v364 = _v364 << 0xf;
				_v364 = _v364 ^ 0xb6040cfd;
				_v452 = 0xdc8bb5;
				_v452 = _v452 ^ 0xb07e6e5f;
				_v452 = _v452 << 0xe;
				_v452 = _v452 ^ 0xb9795724;
				_v572 = 0xdefa33;
				_v572 = _v572 + 0xae39;
				_t1356 = 0x16;
				_v572 = _v572 * 0x56;
				_v572 = _v572 * 0x33;
				_v572 = _v572 ^ 0xf7eaa6cf;
				_v280 = 0x106c99;
				_v280 = _v280 ^ 0xf1e2e143;
				_v280 = _v280 ^ 0xf1f1647c;
				_v444 = 0x12ba83;
				_v444 = _v444 + 0xffff2e0b;
				_v444 = _v444 | 0x954218b9;
				_v444 = _v444 ^ 0x95501631;
				_v636 = 0x6f6552;
				_v636 = _v636 * 0x3a;
				_v636 = _v636 * 0x63;
				_v636 = _v636 ^ 0xc29eccb8;
				_v508 = 0x9979f;
				_v508 = _v508 >> 3;
				_v508 = _v508 + 0xffff8ecf;
				_v508 = _v508 ^ 0x0008ebd3;
				_v504 = 0x338317;
				_v504 = _v504 + 0xffff3917;
				_v504 = _v504 >> 1;
				_v504 = _v504 ^ 0x001e4512;
				_v420 = 0x2775fd;
				_v420 = _v420 / _t1356;
				_v420 = _v420 | 0x1f6013d3;
				_v420 = _v420 ^ 0x1f654eff;
				_v656 = 0x7dcf58;
				_v656 = _v656 ^ 0x77b5ed19;
				_v656 = _v656 + 0x312f;
				_v656 = _v656 << 0xe;
				_v656 = _v656 ^ 0x14d47f34;
				_v488 = 0x685995;
				_v488 = _v488 >> 9;
				_v488 = _v488 + 0xe674;
				_v488 = _v488 ^ 0x000367d5;
				_v328 = 0x4f2a8a;
				_t1357 = 0x30;
				_v328 = _v328 * 0x6c;
				_v328 = _v328 ^ 0x2165dbb2;
				_v664 = 0xf8ddee;
				_v664 = _v664 + 0xffffc10e;
				_v664 = _v664 + 0x5798;
				_v664 = _v664 | 0xdb7e095f;
				_v664 = _v664 ^ 0xdbfa1ad3;
				_v616 = 0xdf2722;
				_v616 = _v616 << 0x10;
				_v616 = _v616 << 0xf;
				_v616 = _v616 << 5;
				_v616 = _v616 ^ 0x0003a7ab;
				_v284 = 0x367b22;
				_t693 =  &_v284; // 0x367b22
				_v284 =  *_t693 / _t1357;
				_v284 = _v284 ^ 0x00041d99;
				_v292 = 0xfb329f;
				_v292 = _v292 + 0xffffce68;
				_v292 = _v292 ^ 0x00fc3f30;
				_v624 = 0xe6983f;
				_v624 = _v624 * 0x70;
				_v624 = _v624 ^ 0x3704df59;
				_v624 = _v624 * 9;
				_v624 = _v624 ^ 0xf3155be5;
				_v260 = 0xc363a2;
				_v260 = _v260 ^ 0x1025f5e4;
				_v260 = _v260 ^ 0x10ec772f;
				_v268 = 0x606a55;
				_v268 = _v268 >> 3;
				_v268 = _v268 ^ 0x000fc817;
				_v600 = 0xd902a;
				_v600 = _v600 >> 0xb;
				_v600 = _v600 << 1;
				_v600 = _v600 << 6;
				_v600 = _v600 ^ 0x00039c6b;
				_v276 = 0xc6f76b;
				_v276 = _v276 + 0xc129;
				_v276 = _v276 ^ 0x00cee0d7;
				_v440 = 0x65c4cc;
				_v440 = _v440 ^ 0xf07a0639;
				_t1358 = 0x69;
				_v440 = _v440 * 0x5f;
				_v440 = _v440 ^ 0x1bc0a904;
				_v584 = 0x39d860;
				_v584 = _v584 * 0x58;
				_v584 = _v584 + 0x4905;
				_v584 = _v584 * 0x2a;
				_v584 = _v584 ^ 0x432fbf1f;
				_v448 = 0xf8616a;
				_v448 = _v448 >> 4;
				_v448 = _v448 + 0xfd7e;
				_v448 = _v448 ^ 0x0010392b;
				_v244 = 0x3f99e5;
				_v244 = _v244 | 0x57277205;
				_v244 = _v244 ^ 0x57370e4e;
				_v348 = 0xf9a67d;
				_v348 = _v348 + 0xffff1738;
				_v348 = _v348 + 0xa0df;
				_v348 = _v348 ^ 0x00f7be80;
				_v564 = 0x164474;
				_v564 = _v564 + 0xffff8d5e;
				_v564 = _v564 | 0xc2a179fa;
				_v564 = _v564 / _t1358;
				_v564 = _v564 ^ 0x01d1c3a4;
				_v668 = 0xe03ad;
				_v668 = _v668 + 0xffffcc8a;
				_t1359 = 0x3c;
				_v668 = _v668 / _t1359;
				_v668 = _v668 | 0xd2e9204d;
				_v668 = _v668 ^ 0xd2e45507;
				_v532 = 0xe9adcf;
				_v532 = _v532 + 0xffffcf22;
				_v532 = _v532 + 0xfffffe50;
				_t1360 = 0x7b;
				_v532 = _v532 / _t1360;
				_v532 = _v532 ^ 0x000617c2;
				_v204 = 0x5a4d2e;
				_v204 = _v204 + 0xffff4d75;
				_v204 = _v204 ^ 0x00531e36;
				_v224 = 0xf2d317;
				_v224 = _v224 * 3;
				_v224 = _v224 ^ 0x02d347bf;
				_v644 = 0xc36dbf;
				_v644 = _v644 + 0xffff71a3;
				_v644 = _v644 | 0x544094bf;
				_v644 = _v644 + 0x4309;
				_v644 = _v644 ^ 0x54c28134;
				_v296 = 0xcf1d90;
				_v296 = _v296 | 0x31ca05e0;
				_v296 = _v296 ^ 0x31c90339;
				_v588 = 0xc34a2d;
				_v588 = _v588 >> 8;
				_v588 = _v588 >> 4;
				_v588 = _v588 + 0x75c1;
				_v588 = _v588 ^ 0x000d315f;
				_v240 = 0xeb7d33;
				_v240 = _v240 + 0xffffc753;
				_v240 = _v240 ^ 0x00e8d488;
				_v180 = 0x669bed;
				_v180 = _v180 / _t1495;
				_v180 = _v180 ^ 0x0002c9fb;
				_v496 = 0xfe0b00;
				_v496 = _v496 ^ 0x5fe703de;
				_v496 = _v496 << 6;
				_v496 = _v496 ^ 0xc645a863;
				_v660 = 0x916252;
				_v660 = _v660 >> 3;
				_v660 = _v660 << 0xd;
				_v660 = _v660 + 0xffff7dae;
				_v660 = _v660 ^ 0x458d7e10;
				_v320 = 0x2cf738;
				_v320 = _v320 | 0xc975dcc7;
				_v320 = _v320 ^ 0xc9795cda;
				_v312 = 0xb1d1ee;
				_v312 = _v312 + 0xffff51df;
				_v312 = _v312 ^ 0x00b16bbb;
				_v344 = 0x3e092b;
				_v344 = _v344 >> 2;
				_v344 = _v344 << 0xe;
				_v344 = _v344 ^ 0xe09a27cb;
				_v352 = 0x68a1a;
				_v352 = _v352 + 0xc791;
				_v352 = _v352 | 0x7642bfae;
				_v352 = _v352 ^ 0x76458494;
				_v512 = 0xe86ea0;
				_v512 = _v512 + 0xf959;
				_v512 = _v512 | 0x4e18ffd8;
				_t1361 = 0x17;
				_v512 = _v512 / _t1361;
				_v512 = _v512 ^ 0x036c12f7;
				_v396 = 0xe760c6;
				_t1362 = 0x26;
				_v396 = _v396 * 0x31;
				_v396 = _v396 * 0x56;
				_v396 = _v396 ^ 0xe1869eee;
				_v316 = 0x7a30c6;
				_v316 = _v316 / _t1362;
				_v316 = _v316 ^ 0x0003103d;
				_v628 = 0x4f3273;
				_t1363 = 0x78;
				_v628 = _v628 / _t1363;
				_v628 = _v628 << 0xa;
				_v628 = _v628 ^ 0x53aad572;
				_v628 = _v628 ^ 0x51090573;
				_v380 = 0x21784b;
				_v380 = _v380 << 7;
				_v380 = _v380 << 9;
				_v380 = _v380 ^ 0x784b0fa0;
				_v428 = 0xd8c839;
				_v428 = _v428 + 0x77d0;
				_v428 = _v428 >> 2;
				_v428 = _v428 ^ 0x00364f42;
				_v324 = 0x188352;
				_v324 = _v324 + 0xffffa07e;
				_v324 = _v324 ^ 0x00159870;
				_v252 = 0xe98be6;
				_v252 = _v252 >> 2;
				_v252 = _v252 ^ 0x0037d959;
				_v480 = 0xa4f1f5;
				_t1364 = 0x59;
				_t1466 = _v500;
				_v480 = _v480 / _t1364;
				_v480 = _v480 + 0xffff7faf;
				_v480 = _v480 ^ 0x000fae01;
				_v592 = 0x82c23d;
				_v592 = _v592 + 0x5741;
				_v592 = _v592 ^ 0x9a18022a;
				_v592 = _v592 << 0x10;
				_v592 = _v592 ^ 0x1b5af420;
				_v424 = 0x341aa7;
				_v424 = _v424 | 0xfb8ffeba;
				_v424 = _v424 ^ 0xfbbf8b8f;
				_v432 = 0xf44743;
				_t1365 = 0x76;
				_t1341 = _v500;
				_v432 = _v432 / _t1365;
				_v432 = _v432 / _t1365;
				_v432 = _v432 ^ 0x0000ee1d;
				goto L1;
				do {
					while(1) {
						L1:
						_t1504 = _t1469 - 0x856f9ca;
						if(_t1504 <= 0) {
						}
						L2:
						if(_t1504 == 0) {
							_t1259 = E02BC27F9();
							L113:
							return _t1259;
						}
						_t1505 = _t1469 - 0x39ddd07;
						if(_t1505 > 0) {
							__eflags = _t1469 - 0x5c221fd;
							if(__eflags > 0) {
								__eflags = _t1469 - 0x627e178;
								if(_t1469 == 0x627e178) {
									_t1259 = E02BD2009();
									_t1469 = 0xa51fadb;
									while(1) {
										L1:
										_t1504 = _t1469 - 0x856f9ca;
										if(_t1504 <= 0) {
										}
										goto L54;
									}
									goto L2;
								}
								__eflags = _t1469 - 0x6362904;
								if(_t1469 == 0x6362904) {
									_t1259 = E02BB4B5D();
									_t1469 = 0x223c7a9;
									continue;
								}
								__eflags = _t1469 - 0x7a1cd5a;
								if(_t1469 == 0x7a1cd5a) {
									E02BCE955();
									_t1259 = E02BCD111();
									asm("sbb esi, esi");
									_t1469 = ( ~_t1259 & 0x02cd2b2b) + 0x6362904;
									continue;
								}
								__eflags = _t1469 - 0x8488c7d;
								if(_t1469 != 0x8488c7d) {
									break;
								}
								_t1259 = E02BBDE74();
								asm("sbb esi, esi");
								_t1469 = ( ~_t1259 & 0x060e21f6) + 0x19bf82;
								continue;
							}
							if(__eflags == 0) {
								_t1259 = E02BC3EAA();
								asm("sbb esi, esi");
								_t1482 =  ~_t1259 & 0xf8bf9ea4;
								L21:
								_t1469 = _t1482 + 0x9642905;
								continue;
							}
							__eflags = _t1469 - 0x41f7676;
							if(__eflags == 0) {
								_t1259 = E02BBBDF9(__eflags);
								__eflags = _t1259;
								if(_t1259 == 0) {
									goto L113;
								}
								_t1469 = 0x22d34a3;
								continue;
							}
							__eflags = _t1469 - 0x4c22f24;
							if(_t1469 == 0x4c22f24) {
								_t1259 = E02BCD1BC( &_v152, _v628, _v572, _v280, _v444,  &_v160, _v636, E02BBA40E());
								_t1500 = _t1500 + 0x18;
								asm("sbb esi, esi");
								_t1469 = ( ~_t1259 & 0x068737c2) + 0x4c22f24;
								continue;
							}
							__eflags = _t1469 - 0x4d97dbc;
							if(_t1469 == 0x4d97dbc) {
								_t1259 = _v396;
								_t1469 = 0xcbac970;
								_v84 = _t1259;
								continue;
							}
							__eflags = _t1469 - 0x4f2172b;
							if(_t1469 != 0x4f2172b) {
								break;
							}
							_v24 = E02BCC37E();
							_t1259 = E02BCBD13(_t1279, _v460, _v340, _v468, _v184);
							_t1500 = _t1500 + 0xc;
							_v20 = _t1259;
							_t1469 = 0xba8c9c0;
							continue;
						}
						if(_t1505 == 0) {
							_t1259 = E02BD0E63();
							__eflags = _t1259;
							if(_t1259 == 0) {
								goto L113;
							}
							_t1469 = 0xb3966a4;
							continue;
						}
						_t1506 = _t1469 - 0x1db8a88;
						if(_t1506 > 0) {
							__eflags = _t1469 - 0x223c7a9;
							if(_t1469 == 0x223c7a9) {
								_t1259 = E02BD17BD(_v500, _v520, _v360);
								goto L113;
							}
							__eflags = _t1469 - 0x22d34a3;
							if(_t1469 == 0x22d34a3) {
								_t1259 = E02BD2699();
								_t1469 = 0xa8d90c;
								continue;
							}
							__eflags = _t1469 - 0x282f66e;
							if(_t1469 == 0x282f66e) {
								_t1259 = E02BB30E7();
								_v88 = _t1259;
								_t1469 = 0xc53db32;
								continue;
							}
							__eflags = _t1469 - 0x32638c6;
							if(_t1469 != 0x32638c6) {
								break;
							}
							_t1259 = E02BD2B09(_v224, _v152, _v644, _v296);
							L29:
							_t1469 = 0x18cfb4a;
							continue;
						}
						if(_t1506 == 0) {
							_t1259 = E02BB77A3( &_v152, _v412, _v580, _v192,  &_v100);
							_t1500 = _t1500 + 0xc;
							asm("sbb esi, esi");
							_t1469 = ( ~_t1259 & 0x019bf65e) + 0x32638c6;
							continue;
						}
						if(_t1469 == 0x19bf82) {
							_t1287 = E02BB670B();
							__eflags = _t1287;
							if(_t1287 == 0) {
								_t1259 = E02BCD111();
								asm("sbb esi, esi");
								_t1469 = ( ~_t1259 & 0x05b25150) + 0x8c2c3ca;
								continue;
							}
							_t1259 = E02BCD111();
							asm("sbb esi, esi");
							_t1482 =  ~_t1259 & 0xfc5df8f8;
							__eflags = _t1482;
							goto L21;
						}
						if(_t1469 == 0xa8d90c) {
							_t1259 = E02BC2142();
							__eflags = _t1259;
							if(_t1259 == 0) {
								goto L113;
							}
							_t1469 = 0x39ddd07;
							continue;
						}
						if(_t1469 == 0x18cfb4a) {
							__eflags = _t1466 - _v332;
							if(_t1466 == _v332) {
								L16:
								_t1469 = _t1341;
								break;
							}
							_t1259 = E02BD1028(_v180, _v496, E02BBA40E(), _t1466, _v660, _v320);
							_t1500 = _t1500 + 0x10;
							__eflags = _t1259 - _v548;
							if(_t1259 == _v548) {
								_t1259 = E02BC4F74();
								goto L16;
							} else {
								_t1469 = 0x892c27a;
								continue;
							}
						}
						if(_t1469 != 0x19b3c55) {
							break;
						} else {
							_t1259 = E02BD2B09(_v668, _v160, _v532, _v204);
							_t1469 = 0x32638c6;
							continue;
						}
						L54:
						__eflags = _t1469 - 0xba8c9c0;
						if(__eflags > 0) {
							__eflags = _t1469 - 0xe6d4a04;
							if(__eflags > 0) {
								__eflags = _t1469 - 0xe75151a;
								if(_t1469 == 0xe75151a) {
									E02BBA445();
									_t1469 = 0x8c2c3ca;
									break;
								}
								__eflags = _t1469 - 0xea72fdd;
								if(_t1469 == 0xea72fdd) {
									_t1259 = E02BC8D3D();
									_t1469 = 0xee19950;
									continue;
								}
								__eflags = _t1469 - 0xee19950;
								if(__eflags == 0) {
									_v168 = E02BC3D85(_v236, 0x2bb1248, __eflags,  &_v164, _v416);
									_v176 = E02BC3D85(_v576, 0x2bb12a8, __eflags,  &_v172, _v228);
									_t1299 = E02BC9A01( &_v176,  &_v168, _v552, _v560, _v568);
									asm("sbb esi, esi");
									_t1469 = ( ~_t1299 & 0x03fcb1a4) + 0x75265a3;
									E02BCFECB(_v176, _v392, _v544, _v400, _v408);
									_t1259 = E02BCFECB(_v168, _v368, _v376, _v384, _v536);
									_t1500 = _t1500 + 0x34;
								}
								break;
							}
							if(__eflags == 0) {
								_t1469 = 0x41f7676;
								continue;
							}
							__eflags = _t1469 - 0xc031f76;
							if(_t1469 == 0xc031f76) {
								_t1384 = _v616;
								_t1259 = E02BCE4E5(_v284,  &_v108, _v292, _v624);
								_t1500 = _t1500 + 0xc;
								__eflags = _t1259;
								if(_t1259 == 0) {
									_t1259 = _v144;
									__eflags = _t1259;
									if(_t1259 == 0) {
										_push(_t1384);
										_push(_t1384);
										_t1466 = E02BCCCA0(_v252, _v592);
										_t1500 = _t1500 + 0x10;
										_t1259 = _v144;
									}
									__eflags = _t1259 - 1;
									if(_t1259 == 1) {
										_push(_t1384);
										_push(_t1384);
										_t1259 = E02BCCCA0(_v424, _v432);
										_t1500 = _t1500 + 0x10;
										_t1466 = _t1259;
									}
								} else {
									_t1466 = _v608;
								}
								_t1341 = 0xc4fb15d;
								_t1469 = 0x92191f9;
								continue;
							}
							__eflags = _t1469 - 0xc4fb15d;
							if(_t1469 == 0xc4fb15d) {
								_t1259 = E02BB5386(_v456,  &_v56, _v632);
								_pop(_t1384);
								_t1469 = 0x1db8a88;
								continue;
							}
							__eflags = _t1469 - 0xc53db32;
							if(_t1469 == 0xc53db32) {
								_t1259 = E02BCC387(_t1384);
								_v92 = _t1259;
								_t1469 = 0x4d97dbc;
								continue;
							}
							__eflags = _t1469 - 0xcbac970;
							if(_t1469 != 0xcbac970) {
								break;
							}
							_t1259 = _v316;
							_t1469 = 0xc4fb15d;
							_v44 = _t1259;
							continue;
						}
						if(__eflags == 0) {
							_t1259 = E02BBF8A0();
							_v12 = _t1259;
							_t1469 = 0x282f66e;
							continue;
						}
						__eflags = _t1469 - 0x9642905;
						if(__eflags > 0) {
							__eflags = _t1469 - 0xa51fadb;
							if(_t1469 == 0xa51fadb) {
								_t1259 = E02BCAD08();
								__eflags = _t1259;
								if(_t1259 == 0) {
									goto L113;
								}
								_t1469 = 0x7a1cd5a;
								continue;
							}
							__eflags = _t1469 - 0xb3966a4;
							if(_t1469 == 0xb3966a4) {
								_t1259 = E02BC4A66();
								__eflags = _t1259;
								if(_t1259 == 0) {
									goto L113;
								}
								_t1469 = 0x8488c7d;
								continue;
							}
							__eflags = _t1469 - 0xb4966e6;
							if(_t1469 == 0xb4966e6) {
								_t1384 = _v508;
								_t1310 = E02BB55FF(_t1384, _v504, _v420,  &_v160,  &_v144);
								_t1500 = _t1500 + 0xc;
								__eflags = _t1310;
								if(_t1310 != 0) {
									_t1259 = _v144;
									__eflags = _t1259 - 8;
									if(_t1259 != 8) {
										__eflags = _t1259;
										if(_t1259 == 0) {
											L79:
											_t1469 = 0xc031f76;
											continue;
										}
										__eflags = _t1259 - 1;
										if(_t1259 != 1) {
											L64:
											_t1469 = 0x19b3c55;
											continue;
										}
										goto L79;
									}
									_t1469 = 0x856f9ca;
									continue;
								}
								_push(_t1384);
								_push(_t1384);
								_t1259 = E02BCCCA0(_v324, _v480);
								_t1500 = _t1500 + 0x10;
								_t1466 = _t1259;
								_t1341 = 0xc4fb15d;
								goto L64;
							}
							__eflags = _t1469 - 0xb4f1747;
							if(_t1469 != 0xb4f1747) {
								break;
							}
							E02BD0E63();
							_t1341 = 0x4f2172b;
							_push(_t1384);
							_push(_t1384);
							_t1259 = E02BCCCA0(_v380, _v428);
							_t1500 = _t1500 + 0x10;
							_t1466 = _t1259;
							goto L29;
						}
						if(__eflags == 0) {
							_t1259 = E02BCFBDE();
							_t1469 = 0xea72fdd;
							continue;
						}
						__eflags = _t1469 - 0x892c27a;
						if(_t1469 == 0x892c27a) {
							_t1259 = E02BBA417(_t1384);
							goto L113;
						}
						__eflags = _t1469 - 0x8c2c3ca;
						if(_t1469 == 0x8c2c3ca) {
							_t1259 = E02BCC5D5();
							_t1469 = 0x627e178;
							continue;
						}
						__eflags = _t1469 - 0x903542f;
						if(_t1469 == 0x903542f) {
							_t1259 = E02BBD14C();
							_t1469 = 0x6362904;
							continue;
						}
						__eflags = _t1469 - 0x92191f9;
						if(_t1469 != 0x92191f9) {
							break;
						}
						_t1259 = E02BCD111();
						__eflags = _t1259;
						if(_t1259 == 0) {
							_t1259 = E02BBC6B8();
						}
						goto L64;
					}
					__eflags = _t1469 - 0x75265a3;
				} while (_t1469 != 0x75265a3);
				goto L113;
			}

























































































































































































                                                                                                          0x02bb863c
                                                                                                          0x02bb8642
                                                                                                          0x02bb864f
                                                                                                          0x02bb865a
                                                                                                          0x02bb8665
                                                                                                          0x02bb8670
                                                                                                          0x02bb867b
                                                                                                          0x02bb8683
                                                                                                          0x02bb868b
                                                                                                          0x02bb869c
                                                                                                          0x02bb86a0
                                                                                                          0x02bb86a5
                                                                                                          0x02bb86ad
                                                                                                          0x02bb86b8
                                                                                                          0x02bb86c3
                                                                                                          0x02bb86ce
                                                                                                          0x02bb86e2
                                                                                                          0x02bb86e7
                                                                                                          0x02bb86f0
                                                                                                          0x02bb86fb
                                                                                                          0x02bb8706
                                                                                                          0x02bb8711
                                                                                                          0x02bb8718
                                                                                                          0x02bb8723
                                                                                                          0x02bb872e
                                                                                                          0x02bb873d
                                                                                                          0x02bb8742
                                                                                                          0x02bb874b
                                                                                                          0x02bb8753
                                                                                                          0x02bb875e
                                                                                                          0x02bb8769
                                                                                                          0x02bb8774
                                                                                                          0x02bb877f
                                                                                                          0x02bb8792
                                                                                                          0x02bb8795
                                                                                                          0x02bb8798
                                                                                                          0x02bb879f
                                                                                                          0x02bb87aa
                                                                                                          0x02bb87b5
                                                                                                          0x02bb87bd
                                                                                                          0x02bb87c8
                                                                                                          0x02bb87d3
                                                                                                          0x02bb87e6
                                                                                                          0x02bb87f8
                                                                                                          0x02bb87ff
                                                                                                          0x02bb880a
                                                                                                          0x02bb8815
                                                                                                          0x02bb881d
                                                                                                          0x02bb8828
                                                                                                          0x02bb8833
                                                                                                          0x02bb8849
                                                                                                          0x02bb8850
                                                                                                          0x02bb885b
                                                                                                          0x02bb8866
                                                                                                          0x02bb8878
                                                                                                          0x02bb887b
                                                                                                          0x02bb8884
                                                                                                          0x02bb888f
                                                                                                          0x02bb889a
                                                                                                          0x02bb88ac
                                                                                                          0x02bb88af
                                                                                                          0x02bb88b0
                                                                                                          0x02bb88b7
                                                                                                          0x02bb88c2
                                                                                                          0x02bb88d7
                                                                                                          0x02bb88de
                                                                                                          0x02bb88e6
                                                                                                          0x02bb88f1
                                                                                                          0x02bb88fc
                                                                                                          0x02bb8907
                                                                                                          0x02bb890f
                                                                                                          0x02bb891a
                                                                                                          0x02bb8922
                                                                                                          0x02bb892a
                                                                                                          0x02bb893a
                                                                                                          0x02bb893e
                                                                                                          0x02bb8946
                                                                                                          0x02bb8951
                                                                                                          0x02bb8959
                                                                                                          0x02bb8964
                                                                                                          0x02bb896f
                                                                                                          0x02bb897a
                                                                                                          0x02bb8982
                                                                                                          0x02bb898a
                                                                                                          0x02bb8995
                                                                                                          0x02bb89a0
                                                                                                          0x02bb89a8
                                                                                                          0x02bb89b3
                                                                                                          0x02bb89be
                                                                                                          0x02bb89c9
                                                                                                          0x02bb89d4
                                                                                                          0x02bb89ea
                                                                                                          0x02bb89f9
                                                                                                          0x02bb89fc
                                                                                                          0x02bb8a03
                                                                                                          0x02bb8a0e
                                                                                                          0x02bb8a1b
                                                                                                          0x02bb8a1f
                                                                                                          0x02bb8a2c
                                                                                                          0x02bb8a30
                                                                                                          0x02bb8a38
                                                                                                          0x02bb8a43
                                                                                                          0x02bb8a4b
                                                                                                          0x02bb8a5a
                                                                                                          0x02bb8a5d
                                                                                                          0x02bb8a64
                                                                                                          0x02bb8a6f
                                                                                                          0x02bb8a7a
                                                                                                          0x02bb8a85
                                                                                                          0x02bb8a90
                                                                                                          0x02bb8a9b
                                                                                                          0x02bb8aa6
                                                                                                          0x02bb8ab1
                                                                                                          0x02bb8abc
                                                                                                          0x02bb8ad2
                                                                                                          0x02bb8ad7
                                                                                                          0x02bb8ae6
                                                                                                          0x02bb8aed
                                                                                                          0x02bb8af8
                                                                                                          0x02bb8b00
                                                                                                          0x02bb8b05
                                                                                                          0x02bb8b15
                                                                                                          0x02bb8b19
                                                                                                          0x02bb8b21
                                                                                                          0x02bb8b29
                                                                                                          0x02bb8b33
                                                                                                          0x02bb8b37
                                                                                                          0x02bb8b3c
                                                                                                          0x02bb8b44
                                                                                                          0x02bb8b4f
                                                                                                          0x02bb8b57
                                                                                                          0x02bb8b62
                                                                                                          0x02bb8b6d
                                                                                                          0x02bb8b78
                                                                                                          0x02bb8b83
                                                                                                          0x02bb8b8e
                                                                                                          0x02bb8b99
                                                                                                          0x02bb8ba4
                                                                                                          0x02bb8baf
                                                                                                          0x02bb8bba
                                                                                                          0x02bb8bc5
                                                                                                          0x02bb8bcd
                                                                                                          0x02bb8bd5
                                                                                                          0x02bb8bdd
                                                                                                          0x02bb8be5
                                                                                                          0x02bb8bed
                                                                                                          0x02bb8bf8
                                                                                                          0x02bb8c00
                                                                                                          0x02bb8c07
                                                                                                          0x02bb8c12
                                                                                                          0x02bb8c1d
                                                                                                          0x02bb8c25
                                                                                                          0x02bb8c30
                                                                                                          0x02bb8c3b
                                                                                                          0x02bb8c46
                                                                                                          0x02bb8c51
                                                                                                          0x02bb8c5c
                                                                                                          0x02bb8c6f
                                                                                                          0x02bb8c76
                                                                                                          0x02bb8c81
                                                                                                          0x02bb8c89
                                                                                                          0x02bb8c96
                                                                                                          0x02bb8c9a
                                                                                                          0x02bb8c9f
                                                                                                          0x02bb8ca7
                                                                                                          0x02bb8cb2
                                                                                                          0x02bb8cbd
                                                                                                          0x02bb8cc8
                                                                                                          0x02bb8cd3
                                                                                                          0x02bb8ce6
                                                                                                          0x02bb8ced
                                                                                                          0x02bb8cf8
                                                                                                          0x02bb8d03
                                                                                                          0x02bb8d0e
                                                                                                          0x02bb8d22
                                                                                                          0x02bb8d29
                                                                                                          0x02bb8d34
                                                                                                          0x02bb8d3f
                                                                                                          0x02bb8d47
                                                                                                          0x02bb8d4f
                                                                                                          0x02bb8d54
                                                                                                          0x02bb8d5c
                                                                                                          0x02bb8d64
                                                                                                          0x02bb8d71
                                                                                                          0x02bb8d79
                                                                                                          0x02bb8d84
                                                                                                          0x02bb8d8f
                                                                                                          0x02bb8d9a
                                                                                                          0x02bb8da5
                                                                                                          0x02bb8dad
                                                                                                          0x02bb8db8
                                                                                                          0x02bb8dc3
                                                                                                          0x02bb8dce
                                                                                                          0x02bb8dd6
                                                                                                          0x02bb8dde
                                                                                                          0x02bb8de9
                                                                                                          0x02bb8dff
                                                                                                          0x02bb8e08
                                                                                                          0x02bb8e13
                                                                                                          0x02bb8e1e
                                                                                                          0x02bb8e29
                                                                                                          0x02bb8e34
                                                                                                          0x02bb8e3f
                                                                                                          0x02bb8e4a
                                                                                                          0x02bb8e55
                                                                                                          0x02bb8e60
                                                                                                          0x02bb8e6b
                                                                                                          0x02bb8e76
                                                                                                          0x02bb8e81
                                                                                                          0x02bb8e8c
                                                                                                          0x02bb8e97
                                                                                                          0x02bb8ea2
                                                                                                          0x02bb8ead
                                                                                                          0x02bb8eb8
                                                                                                          0x02bb8ec3
                                                                                                          0x02bb8ece
                                                                                                          0x02bb8ed9
                                                                                                          0x02bb8ee4
                                                                                                          0x02bb8eef
                                                                                                          0x02bb8efa
                                                                                                          0x02bb8f05
                                                                                                          0x02bb8f0d
                                                                                                          0x02bb8f18
                                                                                                          0x02bb8f20
                                                                                                          0x02bb8f2b
                                                                                                          0x02bb8f37
                                                                                                          0x02bb8f3c
                                                                                                          0x02bb8f42
                                                                                                          0x02bb8f4b
                                                                                                          0x02bb8f50
                                                                                                          0x02bb8f56
                                                                                                          0x02bb8f5e
                                                                                                          0x02bb8f66
                                                                                                          0x02bb8f6b
                                                                                                          0x02bb8f73
                                                                                                          0x02bb8f78
                                                                                                          0x02bb8f80
                                                                                                          0x02bb8f92
                                                                                                          0x02bb8f95
                                                                                                          0x02bb8f9c
                                                                                                          0x02bb8fa7
                                                                                                          0x02bb8faf
                                                                                                          0x02bb8fb4
                                                                                                          0x02bb8fb8
                                                                                                          0x02bb8fc0
                                                                                                          0x02bb8fc8
                                                                                                          0x02bb8fd0
                                                                                                          0x02bb8fdb
                                                                                                          0x02bb8fee
                                                                                                          0x02bb8ff3
                                                                                                          0x02bb8ffa
                                                                                                          0x02bb9005
                                                                                                          0x02bb9010
                                                                                                          0x02bb901b
                                                                                                          0x02bb9026
                                                                                                          0x02bb9031
                                                                                                          0x02bb903c
                                                                                                          0x02bb9047
                                                                                                          0x02bb9052
                                                                                                          0x02bb905d
                                                                                                          0x02bb9068
                                                                                                          0x02bb9073
                                                                                                          0x02bb907e
                                                                                                          0x02bb9089
                                                                                                          0x02bb9094
                                                                                                          0x02bb909f
                                                                                                          0x02bb90aa
                                                                                                          0x02bb90b5
                                                                                                          0x02bb90c0
                                                                                                          0x02bb90c8
                                                                                                          0x02bb90d3
                                                                                                          0x02bb90db
                                                                                                          0x02bb90e0
                                                                                                          0x02bb90ef
                                                                                                          0x02bb90f2
                                                                                                          0x02bb90f6
                                                                                                          0x02bb90fe
                                                                                                          0x02bb9111
                                                                                                          0x02bb9118
                                                                                                          0x02bb9123
                                                                                                          0x02bb912e
                                                                                                          0x02bb9139
                                                                                                          0x02bb9144
                                                                                                          0x02bb915a
                                                                                                          0x02bb9161
                                                                                                          0x02bb916c
                                                                                                          0x02bb9182
                                                                                                          0x02bb9189
                                                                                                          0x02bb9191
                                                                                                          0x02bb919c
                                                                                                          0x02bb91a4
                                                                                                          0x02bb91ac
                                                                                                          0x02bb91b1
                                                                                                          0x02bb91b9
                                                                                                          0x02bb91c1
                                                                                                          0x02bb91cc
                                                                                                          0x02bb91d4
                                                                                                          0x02bb91dc
                                                                                                          0x02bb91e7
                                                                                                          0x02bb91ef
                                                                                                          0x02bb91f4
                                                                                                          0x02bb91f9
                                                                                                          0x02bb9201
                                                                                                          0x02bb9209
                                                                                                          0x02bb921b
                                                                                                          0x02bb921e
                                                                                                          0x02bb9225
                                                                                                          0x02bb9230
                                                                                                          0x02bb923b
                                                                                                          0x02bb9243
                                                                                                          0x02bb924b
                                                                                                          0x02bb9256
                                                                                                          0x02bb9261
                                                                                                          0x02bb926e
                                                                                                          0x02bb9276
                                                                                                          0x02bb9281
                                                                                                          0x02bb9289
                                                                                                          0x02bb9298
                                                                                                          0x02bb929b
                                                                                                          0x02bb92a4
                                                                                                          0x02bb92a8
                                                                                                          0x02bb92b0
                                                                                                          0x02bb92bb
                                                                                                          0x02bb92c6
                                                                                                          0x02bb92d1
                                                                                                          0x02bb92dc
                                                                                                          0x02bb92e7
                                                                                                          0x02bb92f2
                                                                                                          0x02bb92fd
                                                                                                          0x02bb930a
                                                                                                          0x02bb931b
                                                                                                          0x02bb931f
                                                                                                          0x02bb9327
                                                                                                          0x02bb9332
                                                                                                          0x02bb933a
                                                                                                          0x02bb9345
                                                                                                          0x02bb9350
                                                                                                          0x02bb935b
                                                                                                          0x02bb9366
                                                                                                          0x02bb936d
                                                                                                          0x02bb9378
                                                                                                          0x02bb938e
                                                                                                          0x02bb9395
                                                                                                          0x02bb93a0
                                                                                                          0x02bb93ab
                                                                                                          0x02bb93b3
                                                                                                          0x02bb93bb
                                                                                                          0x02bb93c3
                                                                                                          0x02bb93c8
                                                                                                          0x02bb93d0
                                                                                                          0x02bb93db
                                                                                                          0x02bb93e3
                                                                                                          0x02bb93ee
                                                                                                          0x02bb93f9
                                                                                                          0x02bb940c
                                                                                                          0x02bb940d
                                                                                                          0x02bb9414
                                                                                                          0x02bb941f
                                                                                                          0x02bb9427
                                                                                                          0x02bb942f
                                                                                                          0x02bb9437
                                                                                                          0x02bb943f
                                                                                                          0x02bb9447
                                                                                                          0x02bb944f
                                                                                                          0x02bb9454
                                                                                                          0x02bb9459
                                                                                                          0x02bb945e
                                                                                                          0x02bb9466
                                                                                                          0x02bb9471
                                                                                                          0x02bb947a
                                                                                                          0x02bb9481
                                                                                                          0x02bb948c
                                                                                                          0x02bb9497
                                                                                                          0x02bb94a2
                                                                                                          0x02bb94ad
                                                                                                          0x02bb94ba
                                                                                                          0x02bb94be
                                                                                                          0x02bb94cb
                                                                                                          0x02bb94d1
                                                                                                          0x02bb94d9
                                                                                                          0x02bb94e4
                                                                                                          0x02bb94ef
                                                                                                          0x02bb94fa
                                                                                                          0x02bb9505
                                                                                                          0x02bb950d
                                                                                                          0x02bb9518
                                                                                                          0x02bb9520
                                                                                                          0x02bb9525
                                                                                                          0x02bb9529
                                                                                                          0x02bb952e
                                                                                                          0x02bb9536
                                                                                                          0x02bb9541
                                                                                                          0x02bb954c
                                                                                                          0x02bb9557
                                                                                                          0x02bb9562
                                                                                                          0x02bb9577
                                                                                                          0x02bb957a
                                                                                                          0x02bb9581
                                                                                                          0x02bb958c
                                                                                                          0x02bb9599
                                                                                                          0x02bb959d
                                                                                                          0x02bb95aa
                                                                                                          0x02bb95ae
                                                                                                          0x02bb95b6
                                                                                                          0x02bb95c1
                                                                                                          0x02bb95c9
                                                                                                          0x02bb95d4
                                                                                                          0x02bb95df
                                                                                                          0x02bb95ea
                                                                                                          0x02bb95f5
                                                                                                          0x02bb9600
                                                                                                          0x02bb960b
                                                                                                          0x02bb9616
                                                                                                          0x02bb9621
                                                                                                          0x02bb962c
                                                                                                          0x02bb9637
                                                                                                          0x02bb9642
                                                                                                          0x02bb9658
                                                                                                          0x02bb965f
                                                                                                          0x02bb966a
                                                                                                          0x02bb9672
                                                                                                          0x02bb967e
                                                                                                          0x02bb9683
                                                                                                          0x02bb9689
                                                                                                          0x02bb9691
                                                                                                          0x02bb9699
                                                                                                          0x02bb96a4
                                                                                                          0x02bb96af
                                                                                                          0x02bb96c1
                                                                                                          0x02bb96c4
                                                                                                          0x02bb96cb
                                                                                                          0x02bb96d6
                                                                                                          0x02bb96e1
                                                                                                          0x02bb96ec
                                                                                                          0x02bb96f7
                                                                                                          0x02bb970a
                                                                                                          0x02bb9711
                                                                                                          0x02bb971c
                                                                                                          0x02bb9724
                                                                                                          0x02bb972c
                                                                                                          0x02bb9734
                                                                                                          0x02bb973c
                                                                                                          0x02bb9744
                                                                                                          0x02bb9751
                                                                                                          0x02bb975c
                                                                                                          0x02bb9767
                                                                                                          0x02bb976f
                                                                                                          0x02bb9774
                                                                                                          0x02bb9779
                                                                                                          0x02bb9781
                                                                                                          0x02bb9789
                                                                                                          0x02bb9794
                                                                                                          0x02bb979f
                                                                                                          0x02bb97aa
                                                                                                          0x02bb97c0
                                                                                                          0x02bb97c9
                                                                                                          0x02bb97d4
                                                                                                          0x02bb97df
                                                                                                          0x02bb97ea
                                                                                                          0x02bb97f2
                                                                                                          0x02bb97fd
                                                                                                          0x02bb9805
                                                                                                          0x02bb980a
                                                                                                          0x02bb980f
                                                                                                          0x02bb9817
                                                                                                          0x02bb981f
                                                                                                          0x02bb982a
                                                                                                          0x02bb9835
                                                                                                          0x02bb9840
                                                                                                          0x02bb984b
                                                                                                          0x02bb9856
                                                                                                          0x02bb9861
                                                                                                          0x02bb986c
                                                                                                          0x02bb9874
                                                                                                          0x02bb987c
                                                                                                          0x02bb9887
                                                                                                          0x02bb9892
                                                                                                          0x02bb989d
                                                                                                          0x02bb98a8
                                                                                                          0x02bb98b3
                                                                                                          0x02bb98be
                                                                                                          0x02bb98c9
                                                                                                          0x02bb98db
                                                                                                          0x02bb98e0
                                                                                                          0x02bb98e9
                                                                                                          0x02bb98f4
                                                                                                          0x02bb9907
                                                                                                          0x02bb990a
                                                                                                          0x02bb9919
                                                                                                          0x02bb9920
                                                                                                          0x02bb992b
                                                                                                          0x02bb9941
                                                                                                          0x02bb9948
                                                                                                          0x02bb9953
                                                                                                          0x02bb995f
                                                                                                          0x02bb9962
                                                                                                          0x02bb9966
                                                                                                          0x02bb996b
                                                                                                          0x02bb9973
                                                                                                          0x02bb997b
                                                                                                          0x02bb9986
                                                                                                          0x02bb998e
                                                                                                          0x02bb9996
                                                                                                          0x02bb99a1
                                                                                                          0x02bb99ac
                                                                                                          0x02bb99b7
                                                                                                          0x02bb99bf
                                                                                                          0x02bb99cc
                                                                                                          0x02bb99dc
                                                                                                          0x02bb99e7
                                                                                                          0x02bb99f2
                                                                                                          0x02bb99fd
                                                                                                          0x02bb9a05
                                                                                                          0x02bb9a10
                                                                                                          0x02bb9a24
                                                                                                          0x02bb9a29
                                                                                                          0x02bb9a30
                                                                                                          0x02bb9a37
                                                                                                          0x02bb9a42
                                                                                                          0x02bb9a4d
                                                                                                          0x02bb9a55
                                                                                                          0x02bb9a5d
                                                                                                          0x02bb9a65
                                                                                                          0x02bb9a6a
                                                                                                          0x02bb9a72
                                                                                                          0x02bb9a7d
                                                                                                          0x02bb9a88
                                                                                                          0x02bb9a93
                                                                                                          0x02bb9aa7
                                                                                                          0x02bb9aac
                                                                                                          0x02bb9ab3
                                                                                                          0x02bb9ac3
                                                                                                          0x02bb9aca
                                                                                                          0x02bb9aca
                                                                                                          0x02bb9ad5
                                                                                                          0x02bb9ad5
                                                                                                          0x02bb9ad5
                                                                                                          0x02bb9ad5
                                                                                                          0x02bb9adb
                                                                                                          0x02bb9adb
                                                                                                          0x02bb9ae1
                                                                                                          0x02bb9ae1
                                                                                                          0x02bba3f3
                                                                                                          0x02bba406
                                                                                                          0x02bba40d
                                                                                                          0x02bba40d
                                                                                                          0x02bb9ae7
                                                                                                          0x02bb9aed
                                                                                                          0x02bb9d2c
                                                                                                          0x02bb9d32
                                                                                                          0x02bb9e70
                                                                                                          0x02bb9e76
                                                                                                          0x02bb9f12
                                                                                                          0x02bb9f17
                                                                                                          0x02bb9ad5
                                                                                                          0x02bb9ad5
                                                                                                          0x02bb9ad5
                                                                                                          0x02bb9adb
                                                                                                          0x02bb9adb
                                                                                                          0x00000000
                                                                                                          0x02bb9adb
                                                                                                          0x00000000
                                                                                                          0x02bb9ad5
                                                                                                          0x02bb9e7c
                                                                                                          0x02bb9e82
                                                                                                          0x02bb9efc
                                                                                                          0x02bb9f01
                                                                                                          0x00000000
                                                                                                          0x02bb9f01
                                                                                                          0x02bb9e84
                                                                                                          0x02bb9e8a
                                                                                                          0x02bb9ed0
                                                                                                          0x02bb9edc
                                                                                                          0x02bb9ee5
                                                                                                          0x02bb9eed
                                                                                                          0x00000000
                                                                                                          0x02bb9eed
                                                                                                          0x02bb9e8c
                                                                                                          0x02bb9e92
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb9ea6
                                                                                                          0x02bb9eaf
                                                                                                          0x02bb9eb7
                                                                                                          0x00000000
                                                                                                          0x02bb9eb7
                                                                                                          0x02bb9d38
                                                                                                          0x02bb9e5a
                                                                                                          0x02bb9e63
                                                                                                          0x02bb9e65
                                                                                                          0x02bb9c17
                                                                                                          0x02bb9c17
                                                                                                          0x00000000
                                                                                                          0x02bb9c17
                                                                                                          0x02bb9d3e
                                                                                                          0x02bb9d44
                                                                                                          0x02bb9e3c
                                                                                                          0x02bb9e41
                                                                                                          0x02bb9e43
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb9e49
                                                                                                          0x00000000
                                                                                                          0x02bb9e49
                                                                                                          0x02bb9d4a
                                                                                                          0x02bb9d50
                                                                                                          0x02bb9e0f
                                                                                                          0x02bb9e14
                                                                                                          0x02bb9e1b
                                                                                                          0x02bb9e23
                                                                                                          0x00000000
                                                                                                          0x02bb9e23
                                                                                                          0x02bb9d52
                                                                                                          0x02bb9d58
                                                                                                          0x02bb9db7
                                                                                                          0x02bb9dbe
                                                                                                          0x02bb9dc3
                                                                                                          0x00000000
                                                                                                          0x02bb9dc3
                                                                                                          0x02bb9d5a
                                                                                                          0x02bb9d60
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb9d82
                                                                                                          0x02bb9d9e
                                                                                                          0x02bb9da3
                                                                                                          0x02bb9da6
                                                                                                          0x02bb9dad
                                                                                                          0x00000000
                                                                                                          0x02bb9dad
                                                                                                          0x02bb9af3
                                                                                                          0x02bb9d15
                                                                                                          0x02bb9d1a
                                                                                                          0x02bb9d1c
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb9d22
                                                                                                          0x00000000
                                                                                                          0x02bb9d22
                                                                                                          0x02bb9af9
                                                                                                          0x02bb9aff
                                                                                                          0x02bb9c82
                                                                                                          0x02bb9c88
                                                                                                          0x02bba3dc
                                                                                                          0x00000000
                                                                                                          0x02bba3e2
                                                                                                          0x02bb9c8e
                                                                                                          0x02bb9c94
                                                                                                          0x02bb9cf8
                                                                                                          0x02bb9cfd
                                                                                                          0x00000000
                                                                                                          0x02bb9cfd
                                                                                                          0x02bb9c96
                                                                                                          0x02bb9c9c
                                                                                                          0x02bb9cdb
                                                                                                          0x02bb9ce0
                                                                                                          0x02bb9ce7
                                                                                                          0x00000000
                                                                                                          0x02bb9ce7
                                                                                                          0x02bb9c9e
                                                                                                          0x02bb9ca4
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb9cc3
                                                                                                          0x02bb9cca
                                                                                                          0x02bb9cca
                                                                                                          0x00000000
                                                                                                          0x02bb9cca
                                                                                                          0x02bb9b05
                                                                                                          0x02bb9c63
                                                                                                          0x02bb9c68
                                                                                                          0x02bb9c6f
                                                                                                          0x02bb9c77
                                                                                                          0x00000000
                                                                                                          0x02bb9c77
                                                                                                          0x02bb9b11
                                                                                                          0x02bb9bf6
                                                                                                          0x02bb9bfb
                                                                                                          0x02bb9bfd
                                                                                                          0x02bb9c26
                                                                                                          0x02bb9c2f
                                                                                                          0x02bb9c37
                                                                                                          0x00000000
                                                                                                          0x02bb9c37
                                                                                                          0x02bb9c06
                                                                                                          0x02bb9c0f
                                                                                                          0x02bb9c11
                                                                                                          0x02bb9c11
                                                                                                          0x00000000
                                                                                                          0x02bb9c11
                                                                                                          0x02bb9b1d
                                                                                                          0x02bb9bd1
                                                                                                          0x02bb9bd6
                                                                                                          0x02bb9bd8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb9bde
                                                                                                          0x00000000
                                                                                                          0x02bb9bde
                                                                                                          0x02bb9b29
                                                                                                          0x02bb9b61
                                                                                                          0x02bb9b68
                                                                                                          0x02bb9bbc
                                                                                                          0x02bb9bbc
                                                                                                          0x00000000
                                                                                                          0x02bb9bbc
                                                                                                          0x02bb9b95
                                                                                                          0x02bb9b9a
                                                                                                          0x02bb9b9d
                                                                                                          0x02bb9ba4
                                                                                                          0x02bb9bb7
                                                                                                          0x00000000
                                                                                                          0x02bb9ba6
                                                                                                          0x02bb9ba6
                                                                                                          0x00000000
                                                                                                          0x02bb9ba6
                                                                                                          0x02bb9ba4
                                                                                                          0x02bb9b31
                                                                                                          0x00000000
                                                                                                          0x02bb9b37
                                                                                                          0x02bb9b50
                                                                                                          0x02bb9b57
                                                                                                          0x00000000
                                                                                                          0x02bb9b57
                                                                                                          0x02bb9f21
                                                                                                          0x02bb9f21
                                                                                                          0x02bb9f27
                                                                                                          0x02bba137
                                                                                                          0x02bba13d
                                                                                                          0x02bba284
                                                                                                          0x02bba28a
                                                                                                          0x02bba3af
                                                                                                          0x02bba3b4
                                                                                                          0x00000000
                                                                                                          0x02bba3b4
                                                                                                          0x02bba290
                                                                                                          0x02bba296
                                                                                                          0x02bba399
                                                                                                          0x02bba39e
                                                                                                          0x00000000
                                                                                                          0x02bba39e
                                                                                                          0x02bba29c
                                                                                                          0x02bba2a2
                                                                                                          0x02bba2db
                                                                                                          0x02bba2fd
                                                                                                          0x02bba319
                                                                                                          0x02bba325
                                                                                                          0x02bba33b
                                                                                                          0x02bba356
                                                                                                          0x02bba381
                                                                                                          0x02bba386
                                                                                                          0x02bba386
                                                                                                          0x00000000
                                                                                                          0x02bba2a2
                                                                                                          0x02bba143
                                                                                                          0x02bba27a
                                                                                                          0x00000000
                                                                                                          0x02bba27a
                                                                                                          0x02bba149
                                                                                                          0x02bba14f
                                                                                                          0x02bba1dd
                                                                                                          0x02bba1e2
                                                                                                          0x02bba1e7
                                                                                                          0x02bba1ea
                                                                                                          0x02bba1ec
                                                                                                          0x02bba1f4
                                                                                                          0x02bba1fb
                                                                                                          0x02bba1fd
                                                                                                          0x02bba218
                                                                                                          0x02bba219
                                                                                                          0x02bba22a
                                                                                                          0x02bba22c
                                                                                                          0x02bba22f
                                                                                                          0x02bba22f
                                                                                                          0x02bba236
                                                                                                          0x02bba239
                                                                                                          0x02bba254
                                                                                                          0x02bba255
                                                                                                          0x02bba264
                                                                                                          0x02bba269
                                                                                                          0x02bba26c
                                                                                                          0x02bba26c
                                                                                                          0x02bba1ee
                                                                                                          0x02bba1ee
                                                                                                          0x02bba1ee
                                                                                                          0x02bba26e
                                                                                                          0x02bba270
                                                                                                          0x00000000
                                                                                                          0x02bba270
                                                                                                          0x02bba151
                                                                                                          0x02bba153
                                                                                                          0x02bba1b4
                                                                                                          0x02bba1b9
                                                                                                          0x02bba1ba
                                                                                                          0x00000000
                                                                                                          0x02bba1ba
                                                                                                          0x02bba155
                                                                                                          0x02bba15b
                                                                                                          0x02bba18c
                                                                                                          0x02bba191
                                                                                                          0x02bba198
                                                                                                          0x00000000
                                                                                                          0x02bba198
                                                                                                          0x02bba15d
                                                                                                          0x02bba163
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bba169
                                                                                                          0x02bba170
                                                                                                          0x02bba172
                                                                                                          0x00000000
                                                                                                          0x02bba172
                                                                                                          0x02bb9f2d
                                                                                                          0x02bba121
                                                                                                          0x02bba126
                                                                                                          0x02bba12d
                                                                                                          0x00000000
                                                                                                          0x02bba12d
                                                                                                          0x02bb9f33
                                                                                                          0x02bb9f39
                                                                                                          0x02bb9fd2
                                                                                                          0x02bb9fd8
                                                                                                          0x02bba106
                                                                                                          0x02bba10b
                                                                                                          0x02bba10d
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bba113
                                                                                                          0x00000000
                                                                                                          0x02bba113
                                                                                                          0x02bb9fde
                                                                                                          0x02bb9fe4
                                                                                                          0x02bba0e4
                                                                                                          0x02bba0e9
                                                                                                          0x02bba0eb
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bba0f1
                                                                                                          0x00000000
                                                                                                          0x02bba0f1
                                                                                                          0x02bb9fea
                                                                                                          0x02bb9ff0
                                                                                                          0x02bba066
                                                                                                          0x02bba06d
                                                                                                          0x02bba072
                                                                                                          0x02bba075
                                                                                                          0x02bba077
                                                                                                          0x02bba0b0
                                                                                                          0x02bba0b7
                                                                                                          0x02bba0ba
                                                                                                          0x02bba0c6
                                                                                                          0x02bba0c8
                                                                                                          0x02bba0d3
                                                                                                          0x02bba0d3
                                                                                                          0x00000000
                                                                                                          0x02bba0d3
                                                                                                          0x02bba0ca
                                                                                                          0x02bba0cd
                                                                                                          0x02bb9f85
                                                                                                          0x02bb9f85
                                                                                                          0x00000000
                                                                                                          0x02bb9f85
                                                                                                          0x00000000
                                                                                                          0x02bba0cd
                                                                                                          0x02bba0bc
                                                                                                          0x00000000
                                                                                                          0x02bba0bc
                                                                                                          0x02bba08f
                                                                                                          0x02bba090
                                                                                                          0x02bba09f
                                                                                                          0x02bba0a4
                                                                                                          0x02bba0a7
                                                                                                          0x02bba0a9
                                                                                                          0x00000000
                                                                                                          0x02bba0a9
                                                                                                          0x02bb9ff2
                                                                                                          0x02bb9ff8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bba00c
                                                                                                          0x02bba015
                                                                                                          0x02bba029
                                                                                                          0x02bba02a
                                                                                                          0x02bba039
                                                                                                          0x02bba03e
                                                                                                          0x02bba041
                                                                                                          0x00000000
                                                                                                          0x02bba041
                                                                                                          0x02bb9f3f
                                                                                                          0x02bb9fc3
                                                                                                          0x02bb9fc8
                                                                                                          0x00000000
                                                                                                          0x02bb9fc8
                                                                                                          0x02bb9f41
                                                                                                          0x02bb9f47
                                                                                                          0x02bba401
                                                                                                          0x00000000
                                                                                                          0x02bba401
                                                                                                          0x02bb9f4d
                                                                                                          0x02bb9f53
                                                                                                          0x02bb9fb0
                                                                                                          0x02bb9fb5
                                                                                                          0x00000000
                                                                                                          0x02bb9fb5
                                                                                                          0x02bb9f55
                                                                                                          0x02bb9f5b
                                                                                                          0x02bb9f9a
                                                                                                          0x02bb9f9f
                                                                                                          0x00000000
                                                                                                          0x02bb9f9f
                                                                                                          0x02bb9f5d
                                                                                                          0x02bb9f63
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb9f70
                                                                                                          0x02bb9f75
                                                                                                          0x02bb9f77
                                                                                                          0x02bb9f80
                                                                                                          0x02bb9f80
                                                                                                          0x00000000
                                                                                                          0x02bb9f77
                                                                                                          0x02bba3b9
                                                                                                          0x02bba3b9
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: C$"{6$+>$.MZ$/1$08s%$3}$;w$AW$BO6$C"$C"$Jvmw$Kx!$LNe$Q2N$Reo$S$Tvs$Uj`$W?n$XG$_1$jmI$s2O$t0+$t$|V$E$F$L}
                                                                                                          • API String ID: 0-3734606162
                                                                                                          • Opcode ID: 9e77e9a235966a132fcb1e79952717ec25c36a9954812e4a3af4fb8abbfb598b
                                                                                                          • Instruction ID: 3d5f8d241d2db0638c02c87b856826b07e737c10827b5f1a57a9782b0dac3b32
                                                                                                          • Opcode Fuzzy Hash: 9e77e9a235966a132fcb1e79952717ec25c36a9954812e4a3af4fb8abbfb598b
                                                                                                          • Instruction Fuzzy Hash: 52E200719083818BD3B9CF25C58AADFBBE1BF85318F10895DE5DD96260DBB08949CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBA871, Relevance: 24.4, Strings: 19, Instructions: 646COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 263 2bba871-2bbb3ee call 2bd1f6d 266 2bbb3f0-2bbb3f6 263->266 267 2bbb679-2bbb67f 266->267 268 2bbb3fc 266->268 271 2bbb7ba-2bbb7de call 2bd0a64 267->271 272 2bbb685-2bbb68b 267->272 269 2bbb652-2bbb674 call 2bd2b09 268->269 270 2bbb402-2bbb408 268->270 269->266 273 2bbb40e-2bbb414 270->273 274 2bbb5b7-2bbb64d call 2bce1f8 call 2bd44ad call 2bcfecb 270->274 294 2bbb7ea 271->294 295 2bbb7e0-2bbb7e5 271->295 276 2bbb691-2bbb697 272->276 277 2bbb780-2bbb7b5 call 2bcd8db 272->277 279 2bbb57a-2bbb5b2 call 2bc85ff 273->279 280 2bbb41a-2bbb420 273->280 274->266 283 2bbb73d-2bbb77b call 2bb1a34 276->283 284 2bbb69d-2bbb6a3 276->284 277->266 279->266 288 2bbb45f-2bbb56a call 2bd0db1 call 2bc09dd call 2bbbaa9 call 2bce1f8 call 2bd2d0a call 2bcfecb call 2bbbfbe 280->288 289 2bbb422-2bbb428 280->289 283->266 292 2bbb6a9-2bbb72d call 2bc0cf9 call 2bc00c5 call 2bbf726 284->292 293 2bbb7ef-2bbb7f5 284->293 308 2bbb815-2bbb81f 288->308 333 2bbb570-2bbb575 288->333 298 2bbb42e-2bbb434 289->298 299 2bbb7fd-2bbb814 call 2bd1538 289->299 292->308 324 2bbb733-2bbb738 292->324 293->266 303 2bbb7fb 293->303 294->293 295->266 298->293 305 2bbb43a-2bbb45d call 2bd2b09 298->305 299->308 303->308 305->266 324->266 333->266
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BBA871(void* __ecx) {
				char _v524;
				char _v1044;
				char _v1564;
				char _v2084;
				char _v2604;
				signed int _v2608;
				signed int _v2612;
				intOrPtr _v2616;
				intOrPtr _v2620;
				intOrPtr _v2624;
				char _v2628;
				intOrPtr _v2632;
				char _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				unsigned int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _v2796;
				signed int _v2800;
				signed int _v2804;
				signed int _v2808;
				signed int _v2812;
				signed int _v2816;
				signed int _v2820;
				signed int _v2824;
				signed int _v2828;
				signed int _v2832;
				signed int _v2836;
				signed int _v2840;
				signed int _v2844;
				signed int _v2848;
				signed int _v2852;
				signed int _v2856;
				signed int _v2860;
				signed int _v2864;
				signed int _v2868;
				signed int _v2872;
				signed int _v2876;
				signed int _v2880;
				signed int _v2884;
				signed int _v2888;
				signed int _v2892;
				signed int _v2896;
				signed int _v2900;
				signed int _v2904;
				signed int _v2908;
				signed int _v2912;
				signed int _v2916;
				signed int _v2920;
				signed int _v2924;
				signed int _v2928;
				signed int _v2932;
				void* _t731;
				signed int _t732;
				signed int _t733;
				signed int _t743;
				signed int _t758;
				void* _t761;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t776;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t783;
				void* _t804;
				void* _t861;
				signed int _t865;
				void* _t867;
				signed int* _t868;
				void* _t874;

				_t868 =  &_v2932;
				_v2612 = _v2612 & 0x00000000;
				_v2608 = _v2608 & 0x00000000;
				_v2616 = 0x74b642;
				_v2776 = 0xf885ca;
				_v2776 = _v2776 | 0xffdfd4be;
				_v2776 = _v2776 ^ 0xffffd5d7;
				_v2704 = 0xd88538;
				_v2704 = _v2704 + 0xebcf;
				_v2704 = _v2704 ^ 0x00c97107;
				_v2800 = 0xd52646;
				_v2800 = _v2800 ^ 0xe8dc52fe;
				_v2800 = _v2800 + 0xffffe935;
				_v2800 = _v2800 ^ 0xe804d8f6;
				_v2688 = 0xbafe67;
				_v2688 = _v2688 + 0x9481;
				_v2688 = _v2688 ^ 0x00b13019;
				_v2884 = 0x3d12e1;
				_v2884 = _v2884 << 1;
				_v2884 = _v2884 * 0x55;
				_t867 = __ecx;
				_t861 = 0xbf2cce3;
				_t763 = 0x73;
				_v2884 = _v2884 * 0xf;
				_v2884 = _v2884 ^ 0x605e8f7b;
				_v2696 = 0xf649d9;
				_v2696 = _v2696 / _t763;
				_v2696 = _v2696 ^ 0x000dd9df;
				_v2764 = 0x4a6242;
				_v2764 = _v2764 + 0xffff45cb;
				_v2764 = _v2764 >> 0xc;
				_v2764 = _v2764 ^ 0x000572e2;
				_v2784 = 0x8333a2;
				_t764 = 0x2e;
				_v2784 = _v2784 / _t764;
				_v2784 = _v2784 + 0xffffe135;
				_v2784 = _v2784 ^ 0x0005b928;
				_v2852 = 0xf9a739;
				_v2852 = _v2852 | 0x42d1f5c6;
				_v2852 = _v2852 + 0xfffff01c;
				_v2852 = _v2852 ^ 0x42f87d02;
				_v2896 = 0x31e192;
				_v2896 = _v2896 << 0xa;
				_v2896 = _v2896 << 0xa;
				_t765 = 0xb;
				_v2896 = _v2896 * 0x26;
				_v2896 = _v2896 ^ 0xbac011ee;
				_v2928 = 0xcde58e;
				_v2928 = _v2928 | 0x2bdbfaea;
				_v2928 = _v2928 << 8;
				_v2928 = _v2928 | 0x4ddc4764;
				_v2928 = _v2928 ^ 0xdffb1335;
				_v2740 = 0xd63953;
				_v2740 = _v2740 + 0x5c5c;
				_v2740 = _v2740 ^ 0x00d7db1f;
				_v2844 = 0x6db889;
				_v2844 = _v2844 + 0x1eed;
				_v2844 = _v2844 / _t765;
				_v2844 = _v2844 ^ 0x0002c3cf;
				_v2796 = 0x98820d;
				_v2796 = _v2796 | 0x8cff8acf;
				_t766 = 0x43;
				_v2796 = _v2796 / _t766;
				_v2796 = _v2796 ^ 0x021946ce;
				_v2668 = 0x18627d;
				_t767 = 7;
				_v2668 = _v2668 / _t767;
				_v2668 = _v2668 ^ 0x00044156;
				_v2772 = 0x2c7378;
				_v2772 = _v2772 >> 0xb;
				_v2772 = _v2772 >> 6;
				_v2772 = _v2772 ^ 0x000b6d9a;
				_v2880 = 0xd4c7fd;
				_t768 = 0x7b;
				_v2880 = _v2880 / _t768;
				_v2880 = _v2880 + 0xffffaacc;
				_t769 = 0x22;
				_v2880 = _v2880 * 0x2f;
				_v2880 = _v2880 ^ 0x00480dcd;
				_v2920 = 0xe4d6f8;
				_v2920 = _v2920 * 0x42;
				_v2920 = _v2920 + 0xa0b6;
				_v2920 = _v2920 << 8;
				_v2920 = _v2920 ^ 0x000574ec;
				_v2640 = 0xd6ae6b;
				_v2640 = _v2640 | 0xbe6f316b;
				_v2640 = _v2640 ^ 0xbefadf9c;
				_v2836 = 0x6fb4;
				_v2836 = _v2836 + 0xffffc368;
				_v2836 = _v2836 >> 0x10;
				_v2836 = _v2836 ^ 0x0009680a;
				_v2724 = 0x8b61bc;
				_v2724 = _v2724 * 0x75;
				_v2724 = _v2724 ^ 0x3fbdc7d4;
				_v2912 = 0x753704;
				_v2912 = _v2912 >> 0xb;
				_v2912 = _v2912 + 0xd457;
				_v2912 = _v2912 << 1;
				_v2912 = _v2912 ^ 0x000d652f;
				_v2716 = 0xde59a0;
				_v2716 = _v2716 + 0xffff5778;
				_v2716 = _v2716 ^ 0x00d8a7a4;
				_v2752 = 0x428dcf;
				_v2752 = _v2752 / _t769;
				_v2752 = _v2752 | 0x08d5d60c;
				_v2752 = _v2752 ^ 0x08d7d48c;
				_v2828 = 0xe83a42;
				_v2828 = _v2828 ^ 0x1f3eb5e2;
				_v2828 = _v2828 * 0x7e;
				_v2828 = _v2828 ^ 0xab9e63e1;
				_v2788 = 0x69d445;
				_v2788 = _v2788 | 0x87a4a8ed;
				_v2788 = _v2788 ^ 0x9a4d3e24;
				_v2788 = _v2788 ^ 0x1da0be74;
				_v2888 = 0x7663d0;
				_v2888 = _v2888 | 0x8f53a1f3;
				_v2888 = _v2888 >> 0xf;
				_v2888 = _v2888 * 0xa;
				_v2888 = _v2888 ^ 0x000d5ba1;
				_v2644 = 0x20e74e;
				_v2644 = _v2644 | 0x742f98e9;
				_v2644 = _v2644 ^ 0x74210d1b;
				_v2904 = 0xfccdb4;
				_t770 = 0xd;
				_v2904 = _v2904 * 0x7c;
				_v2904 = _v2904 >> 0xd;
				_v2904 = _v2904 | 0x17cf49de;
				_v2904 = _v2904 ^ 0x17c7aae5;
				_v2708 = 0xc1d2f2;
				_v2708 = _v2708 + 0xffff5a94;
				_v2708 = _v2708 ^ 0x00cb5d75;
				_v2660 = 0x58d6fe;
				_v2660 = _v2660 + 0x639e;
				_v2660 = _v2660 ^ 0x00518056;
				_v2652 = 0x6bd84b;
				_v2652 = _v2652 + 0xb95a;
				_v2652 = _v2652 ^ 0x00624667;
				_v2700 = 0xf92c4f;
				_v2700 = _v2700 * 0x75;
				_v2700 = _v2700 ^ 0x71e1c3ce;
				_v2892 = 0xd4714c;
				_v2892 = _v2892 + 0xffffadfa;
				_v2892 = _v2892 + 0xd7d2;
				_v2892 = _v2892 << 2;
				_v2892 = _v2892 ^ 0x0358083c;
				_v2900 = 0xca6485;
				_v2900 = _v2900 ^ 0x66674751;
				_v2900 = _v2900 | 0x9fb8fe7f;
				_v2900 = _v2900 ^ 0xffb729be;
				_v2824 = 0x9c46e2;
				_v2824 = _v2824 / _t770;
				_t771 = 0x6e;
				_v2824 = _v2824 * 7;
				_v2824 = _v2824 ^ 0x005409ff;
				_v2832 = 0x773d17;
				_v2832 = _v2832 >> 0xe;
				_v2832 = _v2832 + 0x6313;
				_v2832 = _v2832 ^ 0x000d17fa;
				_v2792 = 0x3014cc;
				_v2792 = _v2792 + 0xffff152c;
				_v2792 = _v2792 + 0xffff3bdf;
				_v2792 = _v2792 ^ 0x002eea21;
				_v2864 = 0x76e575;
				_v2864 = _v2864 | 0xb1b1a986;
				_v2864 = _v2864 * 0x79;
				_v2864 = _v2864 ^ 0x1e28dcc7;
				_v2712 = 0xf7e6ad;
				_v2712 = _v2712 * 0xb;
				_v2712 = _v2712 ^ 0x0aae7ee0;
				_v2808 = 0xd4cb39;
				_v2808 = _v2808 * 0x50;
				_v2808 = _v2808 * 0x75;
				_v2808 = _v2808 ^ 0x6440f87f;
				_v2720 = 0x360163;
				_v2720 = _v2720 + 0xffffc3fc;
				_v2720 = _v2720 ^ 0x0035ed30;
				_v2816 = 0xf63972;
				_v2816 = _v2816 / _t771;
				_v2816 = _v2816 + 0xffff69c4;
				_v2816 = _v2816 ^ 0x0001f3af;
				_v2728 = 0x218a6d;
				_v2728 = _v2728 | 0x0e9fd07f;
				_v2728 = _v2728 ^ 0x0eb1edc0;
				_v2756 = 0x58a84f;
				_v2756 = _v2756 * 0x22;
				_t772 = 0x3d;
				_v2756 = _v2756 / _t772;
				_v2756 = _v2756 ^ 0x0033367e;
				_v2680 = 0x526d89;
				_v2680 = _v2680 << 3;
				_v2680 = _v2680 ^ 0x02908fe9;
				_v2876 = 0xb95aa0;
				_t773 = 0x6f;
				_v2876 = _v2876 / _t773;
				_v2876 = _v2876 + 0x7ba5;
				_v2876 = _v2876 | 0x4bff3dbe;
				_v2876 = _v2876 ^ 0x4bf5695e;
				_v2748 = 0x470f02;
				_t774 = 0x6a;
				_v2748 = _v2748 / _t774;
				_v2748 = _v2748 ^ 0x394a4d48;
				_v2748 = _v2748 ^ 0x39498008;
				_v2684 = 0xb8f542;
				_v2684 = _v2684 * 0x66;
				_v2684 = _v2684 ^ 0x49b10479;
				_v2812 = 0x4a6932;
				_v2812 = _v2812 >> 7;
				_v2812 = _v2812 ^ 0xe4afcb01;
				_v2812 = _v2812 ^ 0xe4ae05c3;
				_v2932 = 0xa851a7;
				_v2932 = _v2932 * 0x2b;
				_v2932 = _v2932 ^ 0x9481cb07;
				_v2932 = _v2932 >> 6;
				_v2932 = _v2932 ^ 0x02246e93;
				_v2872 = 0x6bc7af;
				_v2872 = _v2872 ^ 0x3226b467;
				_v2872 = _v2872 * 0x1e;
				_v2872 = _v2872 << 0xb;
				_v2872 = _v2872 ^ 0x9c8deb19;
				_v2860 = 0x8556fb;
				_v2860 = _v2860 | 0x69e02514;
				_v2860 = _v2860 + 0xedcb;
				_v2860 = _v2860 ^ 0x69e8258b;
				_v2676 = 0xb187db;
				_v2676 = _v2676 << 0xb;
				_v2676 = _v2676 ^ 0x8c3acae2;
				_v2656 = 0xd34daf;
				_v2656 = _v2656 >> 0xe;
				_v2656 = _v2656 ^ 0x0009be95;
				_v2804 = 0x3574a6;
				_v2804 = _v2804 >> 9;
				_v2804 = _v2804 * 0x2a;
				_v2804 = _v2804 ^ 0x00009063;
				_v2760 = 0x8f0143;
				_v2760 = _v2760 * 0x43;
				_v2760 = _v2760 >> 3;
				_v2760 = _v2760 ^ 0x04abe301;
				_v2924 = 0x8fc82d;
				_v2924 = _v2924 << 1;
				_v2924 = _v2924 | 0xafdefbbe;
				_v2924 = _v2924 ^ 0xafdce921;
				_v2840 = 0x98b351;
				_v2840 = _v2840 << 0xe;
				_v2840 = _v2840 + 0x39e2;
				_v2840 = _v2840 ^ 0x2cd1b69a;
				_v2648 = 0xefee4b;
				_v2648 = _v2648 + 0xffff46f9;
				_v2648 = _v2648 ^ 0x00ec21a4;
				_v2848 = 0xd96457;
				_v2848 = _v2848 * 0x6c;
				_v2848 = _v2848 ^ 0xa04c0af4;
				_v2848 = _v2848 ^ 0xfbfff8f9;
				_v2856 = 0xd54255;
				_t775 = 0x29;
				_v2856 = _v2856 / _t775;
				_v2856 = _v2856 + 0x5db9;
				_v2856 = _v2856 ^ 0x00024640;
				_v2780 = 0x684df0;
				_v2780 = _v2780 ^ 0x2cfc36b9;
				_v2780 = _v2780 + 0xffffad37;
				_v2780 = _v2780 ^ 0x2c920bcc;
				_v2664 = 0x93e9a1;
				_v2664 = _v2664 ^ 0xb0758ee6;
				_v2664 = _v2664 ^ 0xb0e547c8;
				_v2692 = 0xe0a4a1;
				_v2692 = _v2692 << 0x10;
				_v2692 = _v2692 ^ 0xa4a3a3bd;
				_v2820 = 0x53ca07;
				_t776 = 0x38;
				_v2820 = _v2820 / _t776;
				_v2820 = _v2820 ^ 0x69a52d4a;
				_v2820 = _v2820 ^ 0x69a742e5;
				_v2768 = 0x45adf5;
				_t777 = 0x28;
				_v2768 = _v2768 / _t777;
				_t778 = 0x33;
				_v2768 = _v2768 * 0x6f;
				_v2768 = _v2768 ^ 0x00c7348a;
				_v2672 = 0xa3622d;
				_v2672 = _v2672 * 0x68;
				_v2672 = _v2672 ^ 0x42518aaf;
				_v2732 = 0xe7d257;
				_v2732 = _v2732 << 0xc;
				_v2732 = _v2732 ^ 0x7d2b6ce8;
				_v2908 = 0xb6fcc8;
				_v2908 = _v2908 / _t778;
				_t779 = 0x63;
				_v2908 = _v2908 * 0x4f;
				_v2908 = _v2908 / _t779;
				_v2908 = _v2908 ^ 0x0008aa55;
				_v2736 = 0xa2e201;
				_t780 = 0x24;
				_v2736 = _v2736 / _t780;
				_v2736 = _v2736 ^ 0x0004c10d;
				_v2916 = 0xc480dc;
				_v2916 = _v2916 + 0xffff6830;
				_v2916 = _v2916 << 0xc;
				_v2916 = _v2916 >> 3;
				_v2916 = _v2916 ^ 0x07d4cd30;
				_v2744 = 0x29dac5;
				_v2744 = _v2744 + 0xffff883e;
				_v2744 = _v2744 ^ 0x002f91a3;
				_v2868 = 0xe49a6a;
				_v2868 = _v2868 + 0xb047;
				_v2868 = _v2868 ^ 0x5e8c4957;
				_v2868 = _v2868 * 0x36;
				_v2868 = _v2868 ^ 0xea21adfb;
				_t731 = E02BD1F6D(_t780);
				_t860 = _v2744;
				_t761 = _t731;
				goto L1;
				do {
					while(1) {
						L1:
						_t874 = _t861 - 0x6dbb171;
						if(_t874 > 0) {
							break;
						}
						if(_t874 == 0) {
							E02BD2B09(_v2908, _v2636, _v2736, _v2916);
							_pop(_t783);
							_t861 = 0x240e9e1;
							continue;
						} else {
							if(_t861 == 0xb8f10d) {
								_push(_v2872);
								_push(_v2932);
								_push(_v2812);
								_t865 = E02BCE1F8(0x2bb19bc, _v2684, __eflags);
								E02BD44AD(_v2676, __eflags, _v2656,  &_v1044,  &_v2604, _v2804, _v2760, _t865,  &_v524, _t860, _v2924);
								_t783 = _t865;
								E02BCFECB(_t783, _v2840, _v2648, _v2848, _v2856);
								_t868 =  &(_t868[0xf]);
								_t861 = 0x1618198;
								continue;
							} else {
								if(_t861 == 0x1618198) {
									_push(_t783);
									_t783 = _v2780;
									_t743 = E02BC85FF(_t783, _v2664, __eflags, 0,  &_v1044, 0, _v2692, 1, _v2820);
									_t868 =  &(_t868[7]);
									_t861 = 0x2876e66;
									continue;
								} else {
									if(_t861 == 0x1d2207b) {
										E02BD0DB1(_v2852,  &_v2084, __eflags, _v2896, _t783, _v2928);
										 *((short*)(E02BC09DD(_v2740,  &_v2084, _v2844, _v2796))) = 0;
										E02BBBAA9(_v2668, _v2772, __eflags, _v2880, _v2920,  &_v1564);
										_push(_v2912);
										_push(_v2724);
										_push(_v2836);
										E02BD2D0A(_v2752, __eflags,  &_v1564, _v2828, _v2788, _v2888, 0x2bb188c,  &_v2604,  &_v2084, E02BCE1F8(0x2bb188c, _v2640, __eflags));
										E02BCFECB(_t748, _v2644, _v2904, _v2708, _v2660);
										_t868 =  &(_t868[0x16]);
										_t743 = E02BBBFBE( &_v2604, _t867, _v2700);
										_pop(_t783);
										__eflags = _t743;
										if(__eflags != 0) {
											_t861 = 0xf749c26;
											continue;
										}
									} else {
										if(_t861 == 0x240e9e1) {
											return E02BD1538(_v2744, _v2868, _v2628);
										}
										if(_t861 != 0x2876e66) {
											goto L25;
										} else {
											_t743 = E02BD2B09(_v2768, _t860, _v2672, _v2732);
											_pop(_t783);
											_t861 = 0x6dbb171;
											continue;
										}
										L29:
									}
								}
							}
						}
						L28:
						return _t743;
						goto L29;
					}
					__eflags = _t861 - 0x9e42b00;
					if(_t861 == 0x9e42b00) {
						_t732 = E02BD0A64(_v2632, _v2636, _v2876, _v2748);
						_t860 = _t732;
						_pop(_t783);
						__eflags = _t732;
						if(__eflags == 0) {
							_t861 = 0x6dbb171;
							goto L25;
						} else {
							_t861 = 0xb8f10d;
							goto L1;
						}
						goto L29;
					} else {
						__eflags = _t861 - 0xa108a7f;
						if(_t861 == 0xa108a7f) {
							_t659 =  &_v2756; // 0x33367e
							_t733 = E02BCD8DB( &_v2628,  &_v2636,  *_t659, _v2680);
							asm("sbb esi, esi");
							_pop(_t783);
							_t861 = ( ~_t733 & 0x07a3411f) + 0x240e9e1;
							goto L1;
						} else {
							__eflags = _t861 - 0xbf2cce3;
							if(_t861 == 0xbf2cce3) {
								_t653 =  &_v2764; // 0x33367e
								_t783 = _v2688;
								E02BB1A34(_t783,  &_v524, _t783, _t783, _v2884, _v2696,  *_t653, _t783, _v2776, _v2784);
								_t868 =  &(_t868[8]);
								_t861 = 0x1d2207b;
								goto L1;
							} else {
								__eflags = _t861 - 0xf749c26;
								if(_t861 != 0xf749c26) {
									goto L25;
								} else {
									_v2624 = E02BC0CF9();
									_t758 = E02BC00C5(_t757, _v2824, _v2832);
									_pop(_t804);
									_v2620 = 2 + _t758 * 2;
									_t783 = _v2792;
									_t743 = E02BBF726(_t783, _v2704, _v2864, _t761, _v2712, _t761, _t761, _v2808, _t804,  &_v2628, _v2720, _v2816, _t804, _v2728);
									_t868 =  &(_t868[0xc]);
									__eflags = _t743;
									if(__eflags != 0) {
										_t861 = 0xa108a7f;
										goto L1;
									}
								}
							}
						}
					}
					goto L28;
					L25:
					__eflags = _t861 - 0x7aa6196;
				} while (__eflags != 0);
				return _t743;
			}

























































































































                                                                                                          0x02bba871
                                                                                                          0x02bba877
                                                                                                          0x02bba881
                                                                                                          0x02bba889
                                                                                                          0x02bba894
                                                                                                          0x02bba89f
                                                                                                          0x02bba8aa
                                                                                                          0x02bba8b5
                                                                                                          0x02bba8c0
                                                                                                          0x02bba8cb
                                                                                                          0x02bba8d6
                                                                                                          0x02bba8e1
                                                                                                          0x02bba8ec
                                                                                                          0x02bba8f7
                                                                                                          0x02bba902
                                                                                                          0x02bba90d
                                                                                                          0x02bba918
                                                                                                          0x02bba923
                                                                                                          0x02bba92b
                                                                                                          0x02bba938
                                                                                                          0x02bba93c
                                                                                                          0x02bba943
                                                                                                          0x02bba94a
                                                                                                          0x02bba94d
                                                                                                          0x02bba951
                                                                                                          0x02bba959
                                                                                                          0x02bba96f
                                                                                                          0x02bba976
                                                                                                          0x02bba981
                                                                                                          0x02bba98c
                                                                                                          0x02bba997
                                                                                                          0x02bba99f
                                                                                                          0x02bba9aa
                                                                                                          0x02bba9bc
                                                                                                          0x02bba9c1
                                                                                                          0x02bba9ca
                                                                                                          0x02bba9d5
                                                                                                          0x02bba9e0
                                                                                                          0x02bba9e8
                                                                                                          0x02bba9f0
                                                                                                          0x02bba9f8
                                                                                                          0x02bbaa00
                                                                                                          0x02bbaa08
                                                                                                          0x02bbaa0d
                                                                                                          0x02bbaa17
                                                                                                          0x02bbaa18
                                                                                                          0x02bbaa1c
                                                                                                          0x02bbaa24
                                                                                                          0x02bbaa2c
                                                                                                          0x02bbaa34
                                                                                                          0x02bbaa39
                                                                                                          0x02bbaa41
                                                                                                          0x02bbaa49
                                                                                                          0x02bbaa54
                                                                                                          0x02bbaa5f
                                                                                                          0x02bbaa6a
                                                                                                          0x02bbaa72
                                                                                                          0x02bbaa80
                                                                                                          0x02bbaa84
                                                                                                          0x02bbaa8c
                                                                                                          0x02bbaa97
                                                                                                          0x02bbaaad
                                                                                                          0x02bbaab2
                                                                                                          0x02bbaabb
                                                                                                          0x02bbaac6
                                                                                                          0x02bbaad8
                                                                                                          0x02bbaadd
                                                                                                          0x02bbaae6
                                                                                                          0x02bbaaf1
                                                                                                          0x02bbaafc
                                                                                                          0x02bbab04
                                                                                                          0x02bbab0c
                                                                                                          0x02bbab17
                                                                                                          0x02bbab23
                                                                                                          0x02bbab28
                                                                                                          0x02bbab2e
                                                                                                          0x02bbab3b
                                                                                                          0x02bbab3c
                                                                                                          0x02bbab40
                                                                                                          0x02bbab48
                                                                                                          0x02bbab55
                                                                                                          0x02bbab59
                                                                                                          0x02bbab61
                                                                                                          0x02bbab66
                                                                                                          0x02bbab6e
                                                                                                          0x02bbab79
                                                                                                          0x02bbab84
                                                                                                          0x02bbab8f
                                                                                                          0x02bbab97
                                                                                                          0x02bbab9f
                                                                                                          0x02bbaba4
                                                                                                          0x02bbabac
                                                                                                          0x02bbabbf
                                                                                                          0x02bbabc6
                                                                                                          0x02bbabd1
                                                                                                          0x02bbabd9
                                                                                                          0x02bbabde
                                                                                                          0x02bbabe6
                                                                                                          0x02bbabea
                                                                                                          0x02bbabf2
                                                                                                          0x02bbabfd
                                                                                                          0x02bbac08
                                                                                                          0x02bbac13
                                                                                                          0x02bbac27
                                                                                                          0x02bbac2e
                                                                                                          0x02bbac39
                                                                                                          0x02bbac44
                                                                                                          0x02bbac4c
                                                                                                          0x02bbac59
                                                                                                          0x02bbac5d
                                                                                                          0x02bbac65
                                                                                                          0x02bbac70
                                                                                                          0x02bbac7b
                                                                                                          0x02bbac86
                                                                                                          0x02bbac91
                                                                                                          0x02bbac99
                                                                                                          0x02bbaca1
                                                                                                          0x02bbacab
                                                                                                          0x02bbacaf
                                                                                                          0x02bbacb7
                                                                                                          0x02bbacc2
                                                                                                          0x02bbaccd
                                                                                                          0x02bbacd8
                                                                                                          0x02bbace9
                                                                                                          0x02bbacec
                                                                                                          0x02bbacf0
                                                                                                          0x02bbacf5
                                                                                                          0x02bbacfd
                                                                                                          0x02bbad05
                                                                                                          0x02bbad10
                                                                                                          0x02bbad1b
                                                                                                          0x02bbad26
                                                                                                          0x02bbad31
                                                                                                          0x02bbad3c
                                                                                                          0x02bbad47
                                                                                                          0x02bbad52
                                                                                                          0x02bbad5d
                                                                                                          0x02bbad68
                                                                                                          0x02bbad7b
                                                                                                          0x02bbad82
                                                                                                          0x02bbad8d
                                                                                                          0x02bbad95
                                                                                                          0x02bbad9d
                                                                                                          0x02bbada5
                                                                                                          0x02bbadaa
                                                                                                          0x02bbadb2
                                                                                                          0x02bbadba
                                                                                                          0x02bbadc2
                                                                                                          0x02bbadca
                                                                                                          0x02bbadd2
                                                                                                          0x02bbade8
                                                                                                          0x02bbadf7
                                                                                                          0x02bbadfa
                                                                                                          0x02bbae01
                                                                                                          0x02bbae0c
                                                                                                          0x02bbae14
                                                                                                          0x02bbae19
                                                                                                          0x02bbae21
                                                                                                          0x02bbae29
                                                                                                          0x02bbae34
                                                                                                          0x02bbae3f
                                                                                                          0x02bbae4a
                                                                                                          0x02bbae55
                                                                                                          0x02bbae5d
                                                                                                          0x02bbae6a
                                                                                                          0x02bbae6e
                                                                                                          0x02bbae76
                                                                                                          0x02bbae89
                                                                                                          0x02bbae90
                                                                                                          0x02bbae9b
                                                                                                          0x02bbaeae
                                                                                                          0x02bbaebd
                                                                                                          0x02bbaec4
                                                                                                          0x02bbaecf
                                                                                                          0x02bbaeda
                                                                                                          0x02bbaee5
                                                                                                          0x02bbaef0
                                                                                                          0x02bbaf04
                                                                                                          0x02bbaf0b
                                                                                                          0x02bbaf16
                                                                                                          0x02bbaf21
                                                                                                          0x02bbaf2c
                                                                                                          0x02bbaf37
                                                                                                          0x02bbaf42
                                                                                                          0x02bbaf57
                                                                                                          0x02bbaf65
                                                                                                          0x02bbaf6a
                                                                                                          0x02bbaf73
                                                                                                          0x02bbaf7e
                                                                                                          0x02bbaf89
                                                                                                          0x02bbaf91
                                                                                                          0x02bbaf9c
                                                                                                          0x02bbafa8
                                                                                                          0x02bbafad
                                                                                                          0x02bbafb3
                                                                                                          0x02bbafbb
                                                                                                          0x02bbafc3
                                                                                                          0x02bbafcb
                                                                                                          0x02bbafdd
                                                                                                          0x02bbafe0
                                                                                                          0x02bbafe7
                                                                                                          0x02bbaff2
                                                                                                          0x02bbaffd
                                                                                                          0x02bbb010
                                                                                                          0x02bbb017
                                                                                                          0x02bbb022
                                                                                                          0x02bbb02d
                                                                                                          0x02bbb035
                                                                                                          0x02bbb040
                                                                                                          0x02bbb04b
                                                                                                          0x02bbb058
                                                                                                          0x02bbb05c
                                                                                                          0x02bbb064
                                                                                                          0x02bbb069
                                                                                                          0x02bbb071
                                                                                                          0x02bbb079
                                                                                                          0x02bbb086
                                                                                                          0x02bbb08a
                                                                                                          0x02bbb08f
                                                                                                          0x02bbb097
                                                                                                          0x02bbb09f
                                                                                                          0x02bbb0a7
                                                                                                          0x02bbb0af
                                                                                                          0x02bbb0b7
                                                                                                          0x02bbb0c2
                                                                                                          0x02bbb0ca
                                                                                                          0x02bbb0d5
                                                                                                          0x02bbb0e0
                                                                                                          0x02bbb0e8
                                                                                                          0x02bbb0f3
                                                                                                          0x02bbb0fe
                                                                                                          0x02bbb10e
                                                                                                          0x02bbb115
                                                                                                          0x02bbb120
                                                                                                          0x02bbb133
                                                                                                          0x02bbb13a
                                                                                                          0x02bbb142
                                                                                                          0x02bbb14d
                                                                                                          0x02bbb155
                                                                                                          0x02bbb159
                                                                                                          0x02bbb161
                                                                                                          0x02bbb169
                                                                                                          0x02bbb171
                                                                                                          0x02bbb176
                                                                                                          0x02bbb17e
                                                                                                          0x02bbb186
                                                                                                          0x02bbb191
                                                                                                          0x02bbb19c
                                                                                                          0x02bbb1a7
                                                                                                          0x02bbb1b4
                                                                                                          0x02bbb1b8
                                                                                                          0x02bbb1c0
                                                                                                          0x02bbb1ca
                                                                                                          0x02bbb1d8
                                                                                                          0x02bbb1dd
                                                                                                          0x02bbb1e3
                                                                                                          0x02bbb1eb
                                                                                                          0x02bbb1f3
                                                                                                          0x02bbb1fe
                                                                                                          0x02bbb209
                                                                                                          0x02bbb214
                                                                                                          0x02bbb21f
                                                                                                          0x02bbb22a
                                                                                                          0x02bbb235
                                                                                                          0x02bbb240
                                                                                                          0x02bbb24b
                                                                                                          0x02bbb253
                                                                                                          0x02bbb25e
                                                                                                          0x02bbb270
                                                                                                          0x02bbb275
                                                                                                          0x02bbb27e
                                                                                                          0x02bbb289
                                                                                                          0x02bbb294
                                                                                                          0x02bbb2a6
                                                                                                          0x02bbb2ab
                                                                                                          0x02bbb2bc
                                                                                                          0x02bbb2bf
                                                                                                          0x02bbb2c6
                                                                                                          0x02bbb2d1
                                                                                                          0x02bbb2e4
                                                                                                          0x02bbb2eb
                                                                                                          0x02bbb2f6
                                                                                                          0x02bbb301
                                                                                                          0x02bbb309
                                                                                                          0x02bbb314
                                                                                                          0x02bbb324
                                                                                                          0x02bbb32d
                                                                                                          0x02bbb330
                                                                                                          0x02bbb33c
                                                                                                          0x02bbb340
                                                                                                          0x02bbb348
                                                                                                          0x02bbb35a
                                                                                                          0x02bbb35d
                                                                                                          0x02bbb364
                                                                                                          0x02bbb36f
                                                                                                          0x02bbb377
                                                                                                          0x02bbb37f
                                                                                                          0x02bbb384
                                                                                                          0x02bbb389
                                                                                                          0x02bbb391
                                                                                                          0x02bbb39c
                                                                                                          0x02bbb3a7
                                                                                                          0x02bbb3b2
                                                                                                          0x02bbb3ba
                                                                                                          0x02bbb3c2
                                                                                                          0x02bbb3cf
                                                                                                          0x02bbb3d3
                                                                                                          0x02bbb3e2
                                                                                                          0x02bbb3e7
                                                                                                          0x02bbb3ee
                                                                                                          0x02bbb3ee
                                                                                                          0x02bbb3f0
                                                                                                          0x02bbb3f0
                                                                                                          0x02bbb3f0
                                                                                                          0x02bbb3f0
                                                                                                          0x02bbb3f6
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bbb3fc
                                                                                                          0x02bbb668
                                                                                                          0x02bbb66e
                                                                                                          0x02bbb66f
                                                                                                          0x00000000
                                                                                                          0x02bbb402
                                                                                                          0x02bbb408
                                                                                                          0x02bbb5b7
                                                                                                          0x02bbb5c0
                                                                                                          0x02bbb5c4
                                                                                                          0x02bbb5da
                                                                                                          0x02bbb61d
                                                                                                          0x02bbb629
                                                                                                          0x02bbb640
                                                                                                          0x02bbb645
                                                                                                          0x02bbb648
                                                                                                          0x00000000
                                                                                                          0x02bbb40e
                                                                                                          0x02bbb414
                                                                                                          0x02bbb57a
                                                                                                          0x02bbb599
                                                                                                          0x02bbb5a5
                                                                                                          0x02bbb5aa
                                                                                                          0x02bbb5ad
                                                                                                          0x00000000
                                                                                                          0x02bbb41a
                                                                                                          0x02bbb420
                                                                                                          0x02bbb473
                                                                                                          0x02bbb49b
                                                                                                          0x02bbb4bc
                                                                                                          0x02bbb4c9
                                                                                                          0x02bbb4cd
                                                                                                          0x02bbb4d4
                                                                                                          0x02bbb523
                                                                                                          0x02bbb543
                                                                                                          0x02bbb548
                                                                                                          0x02bbb561
                                                                                                          0x02bbb567
                                                                                                          0x02bbb568
                                                                                                          0x02bbb56a
                                                                                                          0x02bbb570
                                                                                                          0x00000000
                                                                                                          0x02bbb570
                                                                                                          0x02bbb422
                                                                                                          0x02bbb428
                                                                                                          0x00000000
                                                                                                          0x02bbb814
                                                                                                          0x02bbb434
                                                                                                          0x00000000
                                                                                                          0x02bbb43a
                                                                                                          0x02bbb451
                                                                                                          0x02bbb457
                                                                                                          0x02bbb458
                                                                                                          0x00000000
                                                                                                          0x02bbb458
                                                                                                          0x00000000
                                                                                                          0x02bbb434
                                                                                                          0x02bbb420
                                                                                                          0x02bbb414
                                                                                                          0x02bbb408
                                                                                                          0x02bbb81f
                                                                                                          0x02bbb81f
                                                                                                          0x00000000
                                                                                                          0x02bbb81f
                                                                                                          0x02bbb679
                                                                                                          0x02bbb67f
                                                                                                          0x02bbb7d3
                                                                                                          0x02bbb7d8
                                                                                                          0x02bbb7db
                                                                                                          0x02bbb7dc
                                                                                                          0x02bbb7de
                                                                                                          0x02bbb7ea
                                                                                                          0x00000000
                                                                                                          0x02bbb7e0
                                                                                                          0x02bbb7e0
                                                                                                          0x00000000
                                                                                                          0x02bbb7e0
                                                                                                          0x00000000
                                                                                                          0x02bbb685
                                                                                                          0x02bbb685
                                                                                                          0x02bbb68b
                                                                                                          0x02bbb78e
                                                                                                          0x02bbb79c
                                                                                                          0x02bbb7a6
                                                                                                          0x02bbb7ae
                                                                                                          0x02bbb7af
                                                                                                          0x00000000
                                                                                                          0x02bbb691
                                                                                                          0x02bbb691
                                                                                                          0x02bbb697
                                                                                                          0x02bbb753
                                                                                                          0x02bbb767
                                                                                                          0x02bbb76e
                                                                                                          0x02bbb773
                                                                                                          0x02bbb776
                                                                                                          0x00000000
                                                                                                          0x02bbb69d
                                                                                                          0x02bbb69d
                                                                                                          0x02bbb6a3
                                                                                                          0x00000000
                                                                                                          0x02bbb6a9
                                                                                                          0x02bbb6c3
                                                                                                          0x02bbb6ca
                                                                                                          0x02bbb6cf
                                                                                                          0x02bbb6ed
                                                                                                          0x02bbb71c
                                                                                                          0x02bbb723
                                                                                                          0x02bbb728
                                                                                                          0x02bbb72b
                                                                                                          0x02bbb72d
                                                                                                          0x02bbb733
                                                                                                          0x00000000
                                                                                                          0x02bbb733
                                                                                                          0x02bbb72d
                                                                                                          0x02bbb6a3
                                                                                                          0x02bbb697
                                                                                                          0x02bbb68b
                                                                                                          0x00000000
                                                                                                          0x02bbb7ef
                                                                                                          0x02bbb7ef
                                                                                                          0x02bbb7ef
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: h$!.$$P$/e$05$2iJ$B:$BbJ$HMJ9$K$N $QGgf$\\$uv$xs,$~63$~63$9$l+}
                                                                                                          • API String ID: 0-4215899151
                                                                                                          • Opcode ID: c6d88011989ae161292d470f9a3b542e7518030fb5cc04bf32b0c107d3ee2dfd
                                                                                                          • Instruction ID: dc524b4322beaf4a00ae3fde5a2d9caf715666b887c8af4a1f090dfd29bfe687
                                                                                                          • Opcode Fuzzy Hash: c6d88011989ae161292d470f9a3b542e7518030fb5cc04bf32b0c107d3ee2dfd
                                                                                                          • Instruction Fuzzy Hash: 0E72EF725083819FD379CF21D58AB9BBBE2BBC4308F10891DE5D996260DBB19958CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC0F86, Relevance: 23.2, Strings: 18, Instructions: 723COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 334 2bc0f86-2bc1c74 335 2bc1c7c 334->335 336 2bc1c81 335->336 337 2bc1c86 336->337 338 2bc1c8b-2bc1c91 337->338 339 2bc1f14-2bc1f1a 338->339 340 2bc1c97 338->340 343 2bc204f-2bc20f3 call 2bce1f8 call 2bbbc32 call 2bcfecb 339->343 344 2bc1f20-2bc1f22 339->344 341 2bc1c9d-2bc1ca3 340->341 342 2bc1eea-2bc1f0f call 2bcc237 340->342 345 2bc1e0d-2bc1ee5 call 2bce1f8 * 2 call 2bb738a call 2bcfecb * 2 341->345 346 2bc1ca9-2bc1caf 341->346 342->335 398 2bc20f6-2bc2105 343->398 349 2bc200d-2bc204a call 2bb51e7 344->349 350 2bc1f28-2bc1f2e 344->350 345->398 351 2bc1dee-2bc1e08 call 2bb2ebf 346->351 352 2bc1cb5-2bc1cb7 346->352 349->335 357 2bc1f34-2bc1f3a 350->357 358 2bc1fe0-2bc2008 call 2bcc237 350->358 351->335 359 2bc1cb9-2bc1cbf 352->359 360 2bc1cf7-2bc1d85 call 2bce1f8 call 2bd16c0 352->360 366 2bc1f3c-2bc1f3e 357->366 367 2bc1f7e-2bc1fdb call 2bd43e6 357->367 358->335 369 2bc2118-2bc2134 call 2bbf7fe 359->369 370 2bc1cc5-2bc1cc7 359->370 400 2bc1dbe 360->400 401 2bc1d87-2bc1dbc call 2bcc9b0 360->401 376 2bc210a-2bc2110 366->376 377 2bc1f44-2bc1f79 call 2bcc2cf 366->377 367->337 387 2bc2135-2bc2141 369->387 381 2bc1cdc-2bc1cf5 call 2bb3431 370->381 382 2bc1cc9-2bc1ccf 370->382 376->338 379 2bc2116 376->379 377->336 379->387 381->335 382->376 389 2bc1cd5-2bc1cda 382->389 389->338 398->376 404 2bc1dc3-2bc1de9 call 2bcfecb 400->404 401->404 404->398
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02BC0F86(intOrPtr* __ecx) {
				char _v68;
				char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr* _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				void* _t824;
				void* _t825;
				void* _t829;
				void* _t832;
				void* _t844;
				void* _t850;
				void* _t853;
				signed int _t860;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				void* _t882;
				void* _t901;
				void* _t957;
				intOrPtr _t975;
				intOrPtr* _t978;
				signed int _t980;
				signed int _t981;
				void* _t982;
				intOrPtr _t986;
				void* _t987;
				void* _t994;
				void* _t996;

				_t978 = __ecx;
				_v96 = __ecx;
				_v88 = 0xce16ef;
				_t986 = 0;
				_t853 = 0x87433f6;
				_v84 = 0;
				_v80 = 0;
				_v412 = 0xef09b0;
				_v412 = _v412 + 0xffff239a;
				_v412 = _v412 >> 0xe;
				_v412 = _v412 + 0xffffb1af;
				_v412 = _v412 ^ 0xffffb567;
				_v144 = 0xb2550e;
				_v144 = _v144 << 6;
				_v144 = _v144 ^ 0x2c954380;
				_v160 = 0xa1df5c;
				_v160 = _v160 * 0x60;
				_v160 = _v160 ^ 0x3cb3c280;
				_v288 = 0x7a32d8;
				_v288 = _v288 | 0x8c6c9666;
				_v288 = _v288 ^ 0x041f8caf;
				_v288 = _v288 ^ 0x88613a51;
				_v348 = 0xdf5e12;
				_v348 = _v348 | 0xa5ea5eb7;
				_v348 = _v348 ^ 0xa5ff5eb7;
				_v296 = 0x7009ff;
				_v296 = _v296 + 0xffff1527;
				_v296 = _v296 + 0x576a;
				_v296 = _v296 ^ 0x006f7690;
				_v372 = 0x1f54b;
				_t860 = 0x52;
				_v372 = _v372 * 0x5a;
				_v372 = _v372 >> 0xb;
				_v372 = _v372 / _t860;
				_v372 = _v372 ^ 0x00000044;
				_v332 = 0x772df1;
				_v332 = _v332 + 0x4853;
				_v332 = _v332 ^ 0x166147d5;
				_v332 = _v332 ^ 0x16163191;
				_v240 = 0x1a1abb;
				_v240 = _v240 ^ 0xbdfc81b5;
				_v240 = _v240 | 0x1ef02f35;
				_v240 = _v240 ^ 0xbff6bf3f;
				_v232 = 0x620327;
				_v232 = _v232 + 0xffffc934;
				_t861 = 0x13;
				_v232 = _v232 / _t861;
				_v232 = _v232 ^ 0x000525b3;
				_v208 = 0xe2fff2;
				_t980 = 0x39;
				_v208 = _v208 * 0x78;
				_v208 = _v208 ^ 0x6a67f970;
				_v344 = 0xf3734c;
				_v344 = _v344 >> 0x10;
				_v344 = _v344 / _t980;
				_v344 = _v344 ^ 0x00000004;
				_v300 = 0x170e40;
				_v300 = _v300 | 0xfbde795f;
				_v300 = _v300 ^ 0xfbde9330;
				_v260 = 0xd4f3ae;
				_v260 = _v260 ^ 0x9e22b963;
				_v260 = _v260 * 0x2e;
				_v260 = _v260 ^ 0x904fea8f;
				_v356 = 0x4c8d9b;
				_v356 = _v356 | 0xd47535dd;
				_v356 = _v356 + 0xffffd433;
				_t862 = 0x64;
				_v356 = _v356 * 0x59;
				_v356 = _v356 ^ 0xdfa15942;
				_v308 = 0xbd9260;
				_v308 = _v308 >> 0xe;
				_v308 = _v308 * 0x79;
				_v308 = _v308 ^ 0x000cbe7b;
				_v252 = 0xa2f51d;
				_v252 = _v252 + 0x749;
				_v252 = _v252 << 0xd;
				_v252 = _v252 ^ 0x5f854687;
				_v292 = 0x216e58;
				_v292 = _v292 / _t862;
				_v292 = _v292 + 0xffff8880;
				_v292 = _v292 ^ 0xfff3b1bc;
				_v176 = 0xac4eb4;
				_v176 = _v176 | 0xd866b52c;
				_v176 = _v176 ^ 0xd8e8b8b7;
				_v236 = 0x7a6201;
				_v236 = _v236 ^ 0x2461ec4e;
				_t863 = 0xa;
				_v236 = _v236 * 0x35;
				_v236 = _v236 ^ 0x79bb4b53;
				_v220 = 0xf5a9fb;
				_v220 = _v220 << 1;
				_v220 = _v220 >> 5;
				_v220 = _v220 ^ 0x000a39a7;
				_v380 = 0x7beff6;
				_v380 = _v380 / _t863;
				_v380 = _v380 | 0x5a206f9b;
				_v380 = _v380 * 0x3d;
				_v380 = _v380 ^ 0x7c9823d9;
				_v284 = 0xdc7201;
				_v284 = _v284 ^ 0xec4f9d75;
				_v284 = _v284 << 8;
				_v284 = _v284 ^ 0x93e140b6;
				_v396 = 0x36b797;
				_v396 = _v396 + 0x83f2;
				_v396 = _v396 | 0xb5da4ffa;
				_v396 = _v396 ^ 0x8c9f27f1;
				_v396 = _v396 ^ 0x3962cb66;
				_v364 = 0x608af6;
				_v364 = _v364 >> 0xe;
				_v364 = _v364 ^ 0xb06c2668;
				_v364 = _v364 >> 0xa;
				_v364 = _v364 ^ 0x0022b374;
				_v404 = 0xe18b1f;
				_v404 = _v404 + 0xffff49de;
				_v404 = _v404 + 0xffffa950;
				_v404 = _v404 >> 5;
				_v404 = _v404 ^ 0x000802e7;
				_v168 = 0x720eed;
				_v168 = _v168 | 0xf4577aa8;
				_v168 = _v168 ^ 0xf4704e8f;
				_v328 = 0x5e39f;
				_v328 = _v328 * 0x2a;
				_v328 = _v328 ^ 0x47860790;
				_v328 = _v328 ^ 0x47706e69;
				_v336 = 0xdd3db6;
				_v336 = _v336 ^ 0x0be1064e;
				_v336 = _v336 ^ 0xe0fa941c;
				_v336 = _v336 ^ 0xebc1ff07;
				_v340 = 0x8bacdf;
				_t864 = 0x49;
				_v340 = _v340 / _t864;
				_t865 = 0x77;
				_v340 = _v340 * 0x4d;
				_v340 = _v340 ^ 0x0099a7e7;
				_v440 = 0x29fcf0;
				_v440 = _v440 >> 4;
				_v440 = _v440 ^ 0x37539152;
				_v440 = _v440 / _t865;
				_v440 = _v440 ^ 0x007580f6;
				_v400 = 0x753dd5;
				_v400 = _v400 ^ 0x142a6b84;
				_v400 = _v400 ^ 0x6d30c2ad;
				_v400 = _v400 ^ 0xe014bebf;
				_v400 = _v400 ^ 0x997c2220;
				_v128 = 0x8b3cd;
				_v128 = _v128 << 2;
				_v128 = _v128 ^ 0x002b9a55;
				_v408 = 0x5fd2f;
				_v408 = _v408 >> 9;
				_t866 = 0x69;
				_v408 = _v408 * 0x53;
				_v408 = _v408 * 0x58;
				_v408 = _v408 ^ 0x00501640;
				_v416 = 0x7e5e32;
				_v416 = _v416 | 0x37c3b1cb;
				_v416 = _v416 + 0x4e4b;
				_v416 = _v416 | 0xc7e68b70;
				_v416 = _v416 ^ 0xffec3e94;
				_v304 = 0xac72e0;
				_v304 = _v304 + 0xffff9516;
				_v304 = _v304 | 0x0ab72207;
				_v304 = _v304 ^ 0x0aba1474;
				_v424 = 0x91a63a;
				_v424 = _v424 | 0xeda6ffa9;
				_v424 = _v424 ^ 0xa7761782;
				_v424 = _v424 << 0xe;
				_v424 = _v424 ^ 0x7a08e30a;
				_v436 = 0x9e7f8b;
				_v436 = _v436 | 0x84ca61f6;
				_v436 = _v436 << 2;
				_v436 = _v436 * 0x3e;
				_v436 = _v436 ^ 0xb78cfbfa;
				_v216 = 0x303808;
				_v216 = _v216 + 0xef78;
				_v216 = _v216 / _t980;
				_v216 = _v216 ^ 0x000455e2;
				_v312 = 0x19b522;
				_v312 = _v312 << 7;
				_v312 = _v312 ^ 0x11162953;
				_v312 = _v312 ^ 0x1dcfd305;
				_v212 = 0x8a6fc0;
				_v212 = _v212 << 9;
				_v212 = _v212 ^ 0x14d4ca12;
				_v276 = 0xdb7845;
				_v276 = _v276 / _t866;
				_v276 = _v276 * 0x1c;
				_v276 = _v276 ^ 0x003237f1;
				_v124 = 0x91e545;
				_t867 = 0x7b;
				_v124 = _v124 / _t867;
				_v124 = _v124 ^ 0x0004745c;
				_v192 = 0x2154b3;
				_v192 = _v192 ^ 0x5324a52c;
				_v192 = _v192 ^ 0x530d1a47;
				_v140 = 0x7913eb;
				_v140 = _v140 | 0xe487e648;
				_v140 = _v140 ^ 0xe4fd51cb;
				_v428 = 0x8a554f;
				_v428 = _v428 << 1;
				_v428 = _v428 + 0xffff493d;
				_v428 = _v428 | 0x8f4663f4;
				_v428 = _v428 ^ 0x8f592165;
				_v200 = 0x5c4830;
				_v200 = _v200 + 0xffffe35d;
				_v200 = _v200 ^ 0x00549f8c;
				_v132 = 0x6e2e79;
				_t377 =  &_v132; // 0x6e2e79
				_t981 = 0x62;
				_v132 =  *_t377 / _t981;
				_v132 = _v132 ^ 0x000a369f;
				_v244 = 0x1d0d9a;
				_t868 = 0x6e;
				_v244 = _v244 / _t868;
				_v244 = _v244 ^ 0xec9a9004;
				_v244 = _v244 ^ 0xec94e609;
				_v148 = 0xd4a92;
				_v148 = _v148 + 0xffffbc3f;
				_v148 = _v148 ^ 0x00088ca7;
				_v184 = 0x3666a0;
				_v184 = _v184 >> 0xb;
				_v184 = _v184 ^ 0x00096f18;
				_v228 = 0x713966;
				_v228 = _v228 << 3;
				_v228 = _v228 << 0xb;
				_v228 = _v228 ^ 0x4e5b426e;
				_v316 = 0xec09e9;
				_v316 = _v316 << 7;
				_t869 = 0x78;
				_v316 = _v316 / _t869;
				_v316 = _v316 ^ 0x00fe5880;
				_v268 = 0x8ffe81;
				_v268 = _v268 + 0xffff4311;
				_v268 = _v268 ^ 0x56e15418;
				_v268 = _v268 ^ 0x566a144b;
				_v324 = 0x9f4c2e;
				_v324 = _v324 >> 4;
				_v324 = _v324 | 0x903f3b4d;
				_v324 = _v324 ^ 0x9031b6d7;
				_v196 = 0x6080cf;
				_v196 = _v196 << 0xe;
				_v196 = _v196 ^ 0x203ba000;
				_v256 = 0x4bba45;
				_v256 = _v256 + 0xc17c;
				_v256 = _v256 | 0x95e268b8;
				_v256 = _v256 ^ 0x95e68234;
				_v264 = 0x7821fc;
				_v264 = _v264 << 3;
				_t870 = 0x34;
				_v264 = _v264 / _t870;
				_v264 = _v264 ^ 0x001694e5;
				_v204 = 0x96f3a5;
				_v204 = _v204 * 0x24;
				_v204 = _v204 ^ 0x153e3a4b;
				_v368 = 0xbef911;
				_t871 = 0xe;
				_v368 = _v368 / _t871;
				_v368 = _v368 >> 0xb;
				_v368 = _v368 + 0x5de4;
				_v368 = _v368 ^ 0x00021c01;
				_v376 = 0x377d04;
				_v376 = _v376 + 0xcef;
				_v376 = _v376 ^ 0x9e466b70;
				_t872 = 0x59;
				_v376 = _v376 * 0x6b;
				_v376 = _v376 ^ 0x399834bf;
				_v180 = 0x6632ea;
				_v180 = _v180 | 0x3a3e38fd;
				_v180 = _v180 ^ 0x3a73a81b;
				_v248 = 0x142cd9;
				_v248 = _v248 / _t872;
				_v248 = _v248 / _t981;
				_v248 = _v248 ^ 0x0001d965;
				_v188 = 0x88b8e9;
				_v188 = _v188 + 0xffff5f5f;
				_v188 = _v188 ^ 0x0087927e;
				_v164 = 0x9c013d;
				_t873 = 0xa;
				_v164 = _v164 / _t873;
				_v164 = _v164 ^ 0x0004ead6;
				_v172 = 0x53b5f1;
				_v172 = _v172 + 0xd9f2;
				_v172 = _v172 ^ 0x005588af;
				_v360 = 0xd6ac8a;
				_v360 = _v360 | 0xfdf9fa5f;
				_v360 = _v360 ^ 0xfdfecc4d;
				_v224 = 0xfb951e;
				_v224 = _v224 + 0xffff2e4c;
				_v224 = _v224 + 0x8dcd;
				_v224 = _v224 ^ 0x00f1d24a;
				_v272 = 0x6e5d6f;
				_v272 = _v272 << 2;
				_t874 = 0x6f;
				_v272 = _v272 / _t874;
				_v272 = _v272 ^ 0x000d7a86;
				_v384 = 0x15dc31;
				_v384 = _v384 + 0xfffffc55;
				_v384 = _v384 << 0x10;
				_v384 = _v384 >> 0xa;
				_v384 = _v384 ^ 0x003c4753;
				_v392 = 0x7bc513;
				_v392 = _v392 * 0x54;
				_v392 = _v392 | 0xe01c3b63;
				_v392 = _v392 + 0xe1b2;
				_v392 = _v392 ^ 0xe89c6b16;
				_v420 = 0x6862b7;
				_v420 = _v420 ^ 0x841c6550;
				_v420 = _v420 + 0xd52;
				_v420 = _v420 >> 0x10;
				_v420 = _v420 ^ 0x000e8d54;
				_v388 = 0x19484a;
				_t982 = 0x6f661e6;
				_t875 = 0x68;
				_v388 = _v388 / _t875;
				_t876 = 0xd;
				_v92 = 0x100;
				_v388 = _v388 * 0x61;
				_v388 = _v388 << 6;
				_v388 = _v388 ^ 0x05e5c873;
				_v432 = 0xb160;
				_v432 = _v432 * 0x78;
				_v432 = _v432 >> 8;
				_v432 = _v432 ^ 0xee0de4a9;
				_v432 = _v432 ^ 0xee0e3c37;
				_v320 = 0x436488;
				_v320 = _v320 * 0x7d;
				_v320 = _v320 * 0x24;
				_v320 = _v320 ^ 0xa0a81f1c;
				_v136 = 0x73af31;
				_v136 = _v136 >> 0xf;
				_v136 = _v136 ^ 0x0004ab53;
				_v120 = 0xd23217;
				_v120 = _v120 | 0x86b48086;
				_v120 = _v120 ^ 0x86fe303d;
				_v280 = 0x567562;
				_v280 = _v280 / _t876;
				_v280 = _v280 + 0xffff7ef5;
				_v280 = _v280 ^ 0x00098751;
				_v152 = 0x24c9f6;
				_v152 = _v152 + 0x7f22;
				_v152 = _v152 ^ 0x002f2944;
				_v156 = 0xe548b;
				_v156 = _v156 + 0xe219;
				_v156 = _v156 ^ 0x000a95de;
				_v352 = 0xccf4e9;
				_v352 = _v352 | 0x0ed71748;
				_v352 = _v352 + 0xefd9;
				_v352 = _v352 << 3;
				_v352 = _v352 ^ 0x770f1835;
				while(1) {
					L1:
					while(1) {
						L2:
						while(1) {
							L3:
							_t957 = 0xaefec99;
							do {
								while(1) {
									L4:
									_t996 = _t853 - 0x89f995e;
									if(_t996 > 0) {
										break;
									}
									if(_t996 == 0) {
										E02BCC237(_v108, _v432, _v320, _v136);
										_t853 = 0xc502d5f;
										while(1) {
											L1:
											goto L2;
										}
									} else {
										if(_t853 == 0x49f634) {
											_push(_v308);
											_push(_v356);
											_push(_v260);
											_t832 = E02BCE1F8(0x2bb13d8, _v300, __eflags);
											_push(_v236);
											_push(_v176);
											_push(_v292);
											__eflags = E02BB738A(_v220, _t832, _v380, _v412,  &_v112, E02BCE1F8(0x2bb1318, _v252, __eflags), _v284) - _v144;
											_t853 =  ==  ? 0xc917448 : 0x468e224;
											E02BCFECB(_t832, _v396, _v364, _v404, _v168);
											E02BCFECB(_t833, _v328, _v336, _v340, _v440);
											_t978 = _v96;
											_t987 = _t987 + 0x44;
											goto L31;
										} else {
											if(_t853 == 0x1281fcd) {
												E02BB2EBF(_v420, _v104, _v388);
												_t853 = 0x89f995e;
												while(1) {
													L1:
													goto L2;
												}
											} else {
												if(_t853 == _t824) {
													_push(_v212);
													_push(_v312);
													_push(_v216);
													_t985 = E02BCE1F8(0x2bb1368, _v436, __eflags);
													_t901 = 0x48;
													_v100 = 0x2bb1368;
													_t844 = E02BD16C0(_v276, 0x2bb1368, _v116,  &_v100, _v124, _v192, _t841, _v140, _v428, _t901, _v372, _v200, _v132,  &_v76);
													_t994 = _t987 + 0x3c;
													__eflags = _t844 - _v332;
													if(_t844 != _v332) {
														_t853 = 0xc502d5f;
													} else {
														_t975 =  *0x2bd6224; // 0x0
														E02BCC9B0(_v244, _t975 + 8, _v148, 0x40,  &_v68, _v184);
														_t994 = _t994 + 0x10;
														_t853 = 0x9badbc8;
													}
													E02BCFECB(_t985, _v228, _v316, _v268, _v324);
													_t987 = _t994 + 0xc;
													L31:
													_t982 = 0x6f661e6;
													_t824 = 0x38eaa65;
													_t882 = 0xe81b6a7;
													_t957 = 0xaefec99;
													goto L32;
												} else {
													if(_t853 == 0x5c5114f) {
														E02BBF7FE(_v156, _v112, _v352, _v344);
													} else {
														if(_t853 == _t982) {
															_t850 = E02BB3431(_v104);
															_t853 = 0x1281fcd;
															__eflags = _t850;
															_t986 =  !=  ? 1 : _t986;
															while(1) {
																L1:
																L2:
																L3:
																_t957 = 0xaefec99;
																goto L4;
															}
														} else {
															if(_t853 != 0x87433f6) {
																goto L32;
															} else {
																_t853 = 0x49f634;
																continue;
															}
														}
													}
												}
											}
										}
									}
									L35:
									return _t986;
								}
								__eflags = _t853 - 0x9badbc8;
								if(__eflags == 0) {
									_push(_v204);
									_push(_v264);
									_push(_v256);
									__eflags = E02BBBC32( *((intOrPtr*)(_t978 + 4)),  &_v108, _v240, _v368, _v376, E02BCE1F8(0x2bb1368, _v196, __eflags),  *_t978, _v180, _v248, _v112, 0x2bb1368, _v188) - _v232;
									_t853 =  ==  ? 0xaefec99 : 0xc502d5f;
									E02BCFECB(_t819, _v164, _v172, _v360, _v224);
									_t987 = _t987 + 0x40;
									goto L31;
								} else {
									__eflags = _t853 - _t957;
									if(_t853 == _t957) {
										_t825 = E02BB51E7( &_v104, _v272, _v116, _v108, _v208, _v384, _v392);
										_t987 = _t987 + 0x14;
										__eflags = _t825;
										_t853 =  ==  ? _t982 : 0x89f995e;
										goto L1;
									} else {
										__eflags = _t853 - 0xc502d5f;
										if(_t853 == 0xc502d5f) {
											E02BCC237(_v116, _v120, _v280, _v152);
											_t853 = 0x5c5114f;
											while(1) {
												L1:
												goto L2;
											}
										} else {
											__eflags = _t853 - 0xc917448;
											if(_t853 == 0xc917448) {
												_v100 = _v92;
												_t829 = E02BD43E6(_v400, _v128, _v408, _v112, _v416, _v160,  &_v116, _v92);
												_t987 = _t987 + 0x18;
												__eflags = _t829 - _v288;
												_t882 = 0xe81b6a7;
												_t824 = 0x38eaa65;
												_t853 =  ==  ? 0xe81b6a7 : 0x5c5114f;
												goto L3;
											} else {
												__eflags = _t853 - _t882;
												if(_t853 != _t882) {
													goto L32;
												} else {
													__eflags = E02BCC2CF(_v304, _v348, _v424, _v116) - _v296;
													_t824 = 0x38eaa65;
													_t853 =  ==  ? 0x38eaa65 : 0xc502d5f;
													goto L2;
												}
											}
										}
									}
								}
								goto L35;
								L32:
								__eflags = _t853 - 0x468e224;
							} while (__eflags != 0);
							goto L35;
						}
					}
				}
			}




































































































































                                                                                                          0x02bc0f90
                                                                                                          0x02bc0f92
                                                                                                          0x02bc0f99
                                                                                                          0x02bc0fa6
                                                                                                          0x02bc0fa8
                                                                                                          0x02bc0fad
                                                                                                          0x02bc0fb4
                                                                                                          0x02bc0fbb
                                                                                                          0x02bc0fc3
                                                                                                          0x02bc0fcb
                                                                                                          0x02bc0fd0
                                                                                                          0x02bc0fd8
                                                                                                          0x02bc0fe0
                                                                                                          0x02bc0feb
                                                                                                          0x02bc0ff3
                                                                                                          0x02bc0ffe
                                                                                                          0x02bc1013
                                                                                                          0x02bc101a
                                                                                                          0x02bc1025
                                                                                                          0x02bc1030
                                                                                                          0x02bc103b
                                                                                                          0x02bc1046
                                                                                                          0x02bc1051
                                                                                                          0x02bc1059
                                                                                                          0x02bc1061
                                                                                                          0x02bc1069
                                                                                                          0x02bc1074
                                                                                                          0x02bc107f
                                                                                                          0x02bc108a
                                                                                                          0x02bc1095
                                                                                                          0x02bc10a2
                                                                                                          0x02bc10a5
                                                                                                          0x02bc10a9
                                                                                                          0x02bc10b6
                                                                                                          0x02bc10ba
                                                                                                          0x02bc10bf
                                                                                                          0x02bc10ca
                                                                                                          0x02bc10d5
                                                                                                          0x02bc10e0
                                                                                                          0x02bc10eb
                                                                                                          0x02bc10f6
                                                                                                          0x02bc1101
                                                                                                          0x02bc110c
                                                                                                          0x02bc1117
                                                                                                          0x02bc1122
                                                                                                          0x02bc1134
                                                                                                          0x02bc1139
                                                                                                          0x02bc1142
                                                                                                          0x02bc114d
                                                                                                          0x02bc1160
                                                                                                          0x02bc1161
                                                                                                          0x02bc1168
                                                                                                          0x02bc1173
                                                                                                          0x02bc117b
                                                                                                          0x02bc1186
                                                                                                          0x02bc118a
                                                                                                          0x02bc118f
                                                                                                          0x02bc119a
                                                                                                          0x02bc11a5
                                                                                                          0x02bc11b0
                                                                                                          0x02bc11bb
                                                                                                          0x02bc11ce
                                                                                                          0x02bc11d7
                                                                                                          0x02bc11e2
                                                                                                          0x02bc11ea
                                                                                                          0x02bc11f2
                                                                                                          0x02bc1201
                                                                                                          0x02bc1204
                                                                                                          0x02bc1208
                                                                                                          0x02bc1210
                                                                                                          0x02bc121b
                                                                                                          0x02bc122b
                                                                                                          0x02bc1232
                                                                                                          0x02bc123d
                                                                                                          0x02bc1248
                                                                                                          0x02bc1253
                                                                                                          0x02bc125b
                                                                                                          0x02bc1266
                                                                                                          0x02bc127c
                                                                                                          0x02bc1283
                                                                                                          0x02bc128e
                                                                                                          0x02bc1299
                                                                                                          0x02bc12a4
                                                                                                          0x02bc12af
                                                                                                          0x02bc12ba
                                                                                                          0x02bc12c5
                                                                                                          0x02bc12d8
                                                                                                          0x02bc12d9
                                                                                                          0x02bc12e0
                                                                                                          0x02bc12eb
                                                                                                          0x02bc12f6
                                                                                                          0x02bc12fd
                                                                                                          0x02bc1305
                                                                                                          0x02bc1310
                                                                                                          0x02bc131e
                                                                                                          0x02bc1322
                                                                                                          0x02bc132f
                                                                                                          0x02bc1333
                                                                                                          0x02bc133b
                                                                                                          0x02bc1346
                                                                                                          0x02bc1351
                                                                                                          0x02bc1359
                                                                                                          0x02bc1364
                                                                                                          0x02bc136c
                                                                                                          0x02bc1374
                                                                                                          0x02bc137c
                                                                                                          0x02bc1384
                                                                                                          0x02bc138c
                                                                                                          0x02bc1394
                                                                                                          0x02bc1399
                                                                                                          0x02bc13a1
                                                                                                          0x02bc13a6
                                                                                                          0x02bc13ae
                                                                                                          0x02bc13b6
                                                                                                          0x02bc13be
                                                                                                          0x02bc13c6
                                                                                                          0x02bc13cb
                                                                                                          0x02bc13d3
                                                                                                          0x02bc13de
                                                                                                          0x02bc13e9
                                                                                                          0x02bc13f4
                                                                                                          0x02bc1407
                                                                                                          0x02bc140e
                                                                                                          0x02bc1419
                                                                                                          0x02bc1424
                                                                                                          0x02bc142c
                                                                                                          0x02bc1434
                                                                                                          0x02bc143c
                                                                                                          0x02bc1444
                                                                                                          0x02bc1454
                                                                                                          0x02bc1459
                                                                                                          0x02bc1464
                                                                                                          0x02bc1467
                                                                                                          0x02bc146b
                                                                                                          0x02bc1473
                                                                                                          0x02bc147b
                                                                                                          0x02bc1480
                                                                                                          0x02bc1490
                                                                                                          0x02bc1494
                                                                                                          0x02bc149c
                                                                                                          0x02bc14a4
                                                                                                          0x02bc14ac
                                                                                                          0x02bc14b4
                                                                                                          0x02bc14bc
                                                                                                          0x02bc14c4
                                                                                                          0x02bc14cf
                                                                                                          0x02bc14d7
                                                                                                          0x02bc14e2
                                                                                                          0x02bc14ea
                                                                                                          0x02bc14f4
                                                                                                          0x02bc14f5
                                                                                                          0x02bc14fe
                                                                                                          0x02bc1502
                                                                                                          0x02bc150a
                                                                                                          0x02bc1512
                                                                                                          0x02bc151a
                                                                                                          0x02bc1522
                                                                                                          0x02bc152a
                                                                                                          0x02bc1532
                                                                                                          0x02bc153d
                                                                                                          0x02bc1548
                                                                                                          0x02bc1553
                                                                                                          0x02bc155e
                                                                                                          0x02bc1566
                                                                                                          0x02bc156e
                                                                                                          0x02bc1576
                                                                                                          0x02bc157b
                                                                                                          0x02bc1583
                                                                                                          0x02bc158b
                                                                                                          0x02bc1593
                                                                                                          0x02bc159d
                                                                                                          0x02bc15a1
                                                                                                          0x02bc15a9
                                                                                                          0x02bc15b4
                                                                                                          0x02bc15ca
                                                                                                          0x02bc15d1
                                                                                                          0x02bc15dc
                                                                                                          0x02bc15e7
                                                                                                          0x02bc15ef
                                                                                                          0x02bc15fa
                                                                                                          0x02bc1605
                                                                                                          0x02bc1610
                                                                                                          0x02bc1618
                                                                                                          0x02bc1623
                                                                                                          0x02bc1637
                                                                                                          0x02bc1646
                                                                                                          0x02bc164d
                                                                                                          0x02bc165a
                                                                                                          0x02bc166e
                                                                                                          0x02bc1673
                                                                                                          0x02bc167c
                                                                                                          0x02bc1687
                                                                                                          0x02bc1692
                                                                                                          0x02bc169d
                                                                                                          0x02bc16a8
                                                                                                          0x02bc16b3
                                                                                                          0x02bc16be
                                                                                                          0x02bc16c9
                                                                                                          0x02bc16d1
                                                                                                          0x02bc16d5
                                                                                                          0x02bc16dd
                                                                                                          0x02bc16e5
                                                                                                          0x02bc16ed
                                                                                                          0x02bc16f8
                                                                                                          0x02bc1703
                                                                                                          0x02bc170e
                                                                                                          0x02bc1719
                                                                                                          0x02bc1720
                                                                                                          0x02bc1725
                                                                                                          0x02bc172e
                                                                                                          0x02bc1739
                                                                                                          0x02bc174b
                                                                                                          0x02bc1750
                                                                                                          0x02bc1759
                                                                                                          0x02bc1764
                                                                                                          0x02bc176f
                                                                                                          0x02bc177a
                                                                                                          0x02bc1785
                                                                                                          0x02bc1790
                                                                                                          0x02bc179b
                                                                                                          0x02bc17a3
                                                                                                          0x02bc17ae
                                                                                                          0x02bc17b9
                                                                                                          0x02bc17c1
                                                                                                          0x02bc17c9
                                                                                                          0x02bc17d4
                                                                                                          0x02bc17df
                                                                                                          0x02bc17ee
                                                                                                          0x02bc17f3
                                                                                                          0x02bc17fc
                                                                                                          0x02bc1807
                                                                                                          0x02bc1812
                                                                                                          0x02bc181d
                                                                                                          0x02bc1828
                                                                                                          0x02bc1833
                                                                                                          0x02bc183e
                                                                                                          0x02bc1846
                                                                                                          0x02bc1851
                                                                                                          0x02bc185c
                                                                                                          0x02bc1867
                                                                                                          0x02bc186f
                                                                                                          0x02bc187a
                                                                                                          0x02bc1885
                                                                                                          0x02bc1890
                                                                                                          0x02bc189b
                                                                                                          0x02bc18a6
                                                                                                          0x02bc18b1
                                                                                                          0x02bc18c0
                                                                                                          0x02bc18c3
                                                                                                          0x02bc18ca
                                                                                                          0x02bc18d5
                                                                                                          0x02bc18e8
                                                                                                          0x02bc18f1
                                                                                                          0x02bc18fc
                                                                                                          0x02bc190a
                                                                                                          0x02bc190f
                                                                                                          0x02bc1913
                                                                                                          0x02bc1918
                                                                                                          0x02bc1920
                                                                                                          0x02bc1928
                                                                                                          0x02bc1930
                                                                                                          0x02bc1938
                                                                                                          0x02bc1947
                                                                                                          0x02bc194a
                                                                                                          0x02bc194e
                                                                                                          0x02bc1956
                                                                                                          0x02bc1961
                                                                                                          0x02bc196c
                                                                                                          0x02bc1977
                                                                                                          0x02bc198d
                                                                                                          0x02bc199f
                                                                                                          0x02bc19a6
                                                                                                          0x02bc19b1
                                                                                                          0x02bc19bc
                                                                                                          0x02bc19c7
                                                                                                          0x02bc19d2
                                                                                                          0x02bc19e4
                                                                                                          0x02bc19e9
                                                                                                          0x02bc19f2
                                                                                                          0x02bc19fd
                                                                                                          0x02bc1a08
                                                                                                          0x02bc1a13
                                                                                                          0x02bc1a1e
                                                                                                          0x02bc1a26
                                                                                                          0x02bc1a36
                                                                                                          0x02bc1a3e
                                                                                                          0x02bc1a49
                                                                                                          0x02bc1a54
                                                                                                          0x02bc1a5f
                                                                                                          0x02bc1a6a
                                                                                                          0x02bc1a75
                                                                                                          0x02bc1a84
                                                                                                          0x02bc1a87
                                                                                                          0x02bc1a8e
                                                                                                          0x02bc1a99
                                                                                                          0x02bc1aa1
                                                                                                          0x02bc1aa9
                                                                                                          0x02bc1aae
                                                                                                          0x02bc1ab3
                                                                                                          0x02bc1abb
                                                                                                          0x02bc1ac8
                                                                                                          0x02bc1acc
                                                                                                          0x02bc1ad4
                                                                                                          0x02bc1adc
                                                                                                          0x02bc1ae4
                                                                                                          0x02bc1aec
                                                                                                          0x02bc1af4
                                                                                                          0x02bc1afc
                                                                                                          0x02bc1b01
                                                                                                          0x02bc1b09
                                                                                                          0x02bc1b17
                                                                                                          0x02bc1b1e
                                                                                                          0x02bc1b23
                                                                                                          0x02bc1b2e
                                                                                                          0x02bc1b2f
                                                                                                          0x02bc1b3a
                                                                                                          0x02bc1b3e
                                                                                                          0x02bc1b43
                                                                                                          0x02bc1b4b
                                                                                                          0x02bc1b58
                                                                                                          0x02bc1b5c
                                                                                                          0x02bc1b61
                                                                                                          0x02bc1b69
                                                                                                          0x02bc1b71
                                                                                                          0x02bc1b84
                                                                                                          0x02bc1b93
                                                                                                          0x02bc1b9a
                                                                                                          0x02bc1ba5
                                                                                                          0x02bc1bb0
                                                                                                          0x02bc1bb8
                                                                                                          0x02bc1bc3
                                                                                                          0x02bc1bce
                                                                                                          0x02bc1bd9
                                                                                                          0x02bc1be4
                                                                                                          0x02bc1bf8
                                                                                                          0x02bc1bff
                                                                                                          0x02bc1c0a
                                                                                                          0x02bc1c15
                                                                                                          0x02bc1c20
                                                                                                          0x02bc1c2b
                                                                                                          0x02bc1c36
                                                                                                          0x02bc1c41
                                                                                                          0x02bc1c4c
                                                                                                          0x02bc1c57
                                                                                                          0x02bc1c5f
                                                                                                          0x02bc1c67
                                                                                                          0x02bc1c6f
                                                                                                          0x02bc1c74
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1c81
                                                                                                          0x02bc1c81
                                                                                                          0x02bc1c86
                                                                                                          0x02bc1c86
                                                                                                          0x02bc1c86
                                                                                                          0x02bc1c8b
                                                                                                          0x02bc1c8b
                                                                                                          0x02bc1c8b
                                                                                                          0x02bc1c8b
                                                                                                          0x02bc1c91
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc1c97
                                                                                                          0x02bc1f03
                                                                                                          0x02bc1f0a
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1c7c
                                                                                                          0x00000000
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1c9d
                                                                                                          0x02bc1ca3
                                                                                                          0x02bc1e0d
                                                                                                          0x02bc1e19
                                                                                                          0x02bc1e1d
                                                                                                          0x02bc1e2b
                                                                                                          0x02bc1e3a
                                                                                                          0x02bc1e41
                                                                                                          0x02bc1e48
                                                                                                          0x02bc1e97
                                                                                                          0x02bc1ea7
                                                                                                          0x02bc1eb6
                                                                                                          0x02bc1ed6
                                                                                                          0x02bc1edb
                                                                                                          0x02bc1ee2
                                                                                                          0x00000000
                                                                                                          0x02bc1ca9
                                                                                                          0x02bc1caf
                                                                                                          0x02bc1dfd
                                                                                                          0x02bc1e03
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1c7c
                                                                                                          0x00000000
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1cb5
                                                                                                          0x02bc1cb7
                                                                                                          0x02bc1cf7
                                                                                                          0x02bc1d03
                                                                                                          0x02bc1d0a
                                                                                                          0x02bc1d1d
                                                                                                          0x02bc1d28
                                                                                                          0x02bc1d38
                                                                                                          0x02bc1d76
                                                                                                          0x02bc1d7b
                                                                                                          0x02bc1d7e
                                                                                                          0x02bc1d85
                                                                                                          0x02bc1dbe
                                                                                                          0x02bc1d87
                                                                                                          0x02bc1d9f
                                                                                                          0x02bc1daf
                                                                                                          0x02bc1db4
                                                                                                          0x02bc1db7
                                                                                                          0x02bc1db7
                                                                                                          0x02bc1de1
                                                                                                          0x02bc1de6
                                                                                                          0x02bc20f6
                                                                                                          0x02bc20f6
                                                                                                          0x02bc20fb
                                                                                                          0x02bc2100
                                                                                                          0x02bc2105
                                                                                                          0x00000000
                                                                                                          0x02bc1cb9
                                                                                                          0x02bc1cbf
                                                                                                          0x02bc212e
                                                                                                          0x02bc1cc5
                                                                                                          0x02bc1cc7
                                                                                                          0x02bc1ce3
                                                                                                          0x02bc1cea
                                                                                                          0x02bc1cf0
                                                                                                          0x02bc1cf2
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1c81
                                                                                                          0x02bc1c86
                                                                                                          0x02bc1c86
                                                                                                          0x00000000
                                                                                                          0x02bc1c86
                                                                                                          0x02bc1cc9
                                                                                                          0x02bc1ccf
                                                                                                          0x00000000
                                                                                                          0x02bc1cd5
                                                                                                          0x02bc1cd5
                                                                                                          0x00000000
                                                                                                          0x02bc1cd5
                                                                                                          0x02bc1ccf
                                                                                                          0x02bc1cc7
                                                                                                          0x02bc1cbf
                                                                                                          0x02bc1cb7
                                                                                                          0x02bc1caf
                                                                                                          0x02bc1ca3
                                                                                                          0x02bc2137
                                                                                                          0x02bc2141
                                                                                                          0x02bc2141
                                                                                                          0x02bc1f14
                                                                                                          0x02bc1f1a
                                                                                                          0x02bc204f
                                                                                                          0x02bc205b
                                                                                                          0x02bc2062
                                                                                                          0x02bc20c6
                                                                                                          0x02bc20dd
                                                                                                          0x02bc20ee
                                                                                                          0x02bc20f3
                                                                                                          0x00000000
                                                                                                          0x02bc1f20
                                                                                                          0x02bc1f20
                                                                                                          0x02bc1f22
                                                                                                          0x02bc2038
                                                                                                          0x02bc203d
                                                                                                          0x02bc2045
                                                                                                          0x02bc2047
                                                                                                          0x00000000
                                                                                                          0x02bc1f28
                                                                                                          0x02bc1f28
                                                                                                          0x02bc1f2e
                                                                                                          0x02bc1ffc
                                                                                                          0x02bc2003
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1c7c
                                                                                                          0x00000000
                                                                                                          0x02bc1c7c
                                                                                                          0x02bc1f34
                                                                                                          0x02bc1f34
                                                                                                          0x02bc1f3a
                                                                                                          0x02bc1f86
                                                                                                          0x02bc1fb6
                                                                                                          0x02bc1fbd
                                                                                                          0x02bc1fcc
                                                                                                          0x02bc1fce
                                                                                                          0x02bc1fd3
                                                                                                          0x02bc1fd8
                                                                                                          0x00000000
                                                                                                          0x02bc1f3c
                                                                                                          0x02bc1f3c
                                                                                                          0x02bc1f3e
                                                                                                          0x00000000
                                                                                                          0x02bc1f44
                                                                                                          0x02bc1f6f
                                                                                                          0x02bc1f71
                                                                                                          0x02bc1f76
                                                                                                          0x00000000
                                                                                                          0x02bc1f76
                                                                                                          0x02bc1f3e
                                                                                                          0x02bc1f3a
                                                                                                          0x02bc1f2e
                                                                                                          0x02bc1f22
                                                                                                          0x00000000
                                                                                                          0x02bc210a
                                                                                                          0x02bc210a
                                                                                                          0x02bc210a
                                                                                                          0x00000000
                                                                                                          0x02bc2116
                                                                                                          0x02bc1c86
                                                                                                          0x02bc1c81

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 0H\$2^~$D)/$KN$Na$$R$SG<$Xn!$buV$inpG$inpG$jW$nB[N$o]n$x$y.n$2f$]
                                                                                                          • API String ID: 0-421492616
                                                                                                          • Opcode ID: 05768fdb5787cdd150f73dc34615d5523b37fe3d284d28a9ba49aaf1097d949c
                                                                                                          • Instruction ID: 09cab75ceeb1ca50778c04260478d8c2541632c43a743ab3d58322bae6825774
                                                                                                          • Opcode Fuzzy Hash: 05768fdb5787cdd150f73dc34615d5523b37fe3d284d28a9ba49aaf1097d949c
                                                                                                          • Instruction Fuzzy Hash: BC9200711093818FD379CF65C94AB9BBBE2FBC4704F10891DE69A9A260D7B18949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC2E5D, Relevance: 21.9, Strings: 17, Instructions: 653COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 410 2bc2e5d-2bc3934 411 2bc393f 410->411 412 2bc3944-2bc394a 411->412 413 2bc3be6-2bc3be8 412->413 414 2bc3950 412->414 415 2bc3bee-2bc3bf4 413->415 416 2bc3ca8-2bc3d48 call 2bc4244 call 2bce1ac call 2bcfecb 413->416 417 2bc3ba5-2bc3be1 call 2bbc5d8 414->417 418 2bc3956-2bc395c 414->418 420 2bc3c69-2bc3c98 call 2bbc5d8 415->420 421 2bc3bf6-2bc3bfc 415->421 447 2bc3d4d-2bc3d53 416->447 417->412 423 2bc3b62-2bc3b9b call 2bccca0 call 2bbe404 418->423 424 2bc3962-2bc3968 418->424 445 2bc3c9e 420->445 446 2bc3a18-2bc3a22 420->446 427 2bc3bfe-2bc3c04 421->427 428 2bc3c20-2bc3c5f call 2bccca0 call 2bbe404 421->428 423->417 430 2bc3b2d-2bc3b5d call 2bcc9b0 424->430 431 2bc396e-2bc3974 424->431 434 2bc3d5e-2bc3d80 call 2bd2b09 427->434 435 2bc3c0a-2bc3c10 427->435 428->420 430->411 439 2bc397a-2bc3980 431->439 440 2bc3a96-2bc3acf call 2bccca0 431->440 434->446 435->447 448 2bc3c16-2bc3c1b 435->448 452 2bc3986-2bc398c 439->452 453 2bc3a23-2bc3a85 call 2bce1f8 call 2bd31aa call 2bcfecb 439->453 464 2bc3ae8-2bc3b28 call 2bccca0 call 2bbe404 440->464 465 2bc3ad1-2bc3ae5 440->465 445->416 447->412 459 2bc3d59 447->459 448->412 452->447 461 2bc3992-2bc3a11 call 2bc4244 call 2bb3325 call 2bcfecb 452->461 480 2bc3a8a-2bc3a91 453->480 459->434 461->446 464->480 465->464 480->411
                                                                                                          C-Code - Quality: 76%
                                                                                                          			E02BC2E5D(int __ecx, signed int __edx) {
				char _v128;
				char _v256;
				char _v288;
				intOrPtr _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				unsigned int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				unsigned int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				unsigned int _v476;
				int _v480;
				signed int _v484;
				signed int _v488;
				signed int _v492;
				signed int _v496;
				signed int _v500;
				signed int _v504;
				signed int _v508;
				signed int _v512;
				signed int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				unsigned int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				unsigned int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				unsigned int _v576;
				void* _t707;
				void* _t708;
				signed int _t718;
				signed int _t732;
				signed int _t737;
				int _t740;
				void* _t742;
				void* _t750;
				signed int _t752;
				signed int _t758;
				signed int _t768;
				signed int _t769;
				intOrPtr _t770;
				int _t774;
				signed int _t786;
				void* _t832;
				void* _t833;
				void* _t836;
				void* _t837;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t860;
				void* _t861;
				void* _t864;
				void* _t867;
				signed int _t870;
				unsigned int* _t871;
				void* _t875;

				_t774 = __ecx;
				_t871 =  &_v576;
				_v296 = __edx;
				_v480 = __ecx;
				_v420 = 0x6e1d72;
				_v420 = _v420 << 5;
				_v420 = _v420 * 0x3c;
				_t864 = 0xffd9b77;
				_v420 = _v420 ^ 0x39dcd700;
				_v532 = 0x1f7a5f;
				_t845 = 0xe;
				_v532 = _v532 / _t845;
				_v532 = _v532 ^ 0x6f56ef0e;
				_v532 = _v532 >> 0xa;
				_v532 = _v532 ^ 0x001a3d41;
				_v508 = 0xe1e69b;
				_v508 = _v508 + 0x2215;
				_v508 = _v508 + 0xffff2958;
				_v508 = _v508 + 0xffffaa0c;
				_v508 = _v508 ^ 0x00efd475;
				_v540 = 0xcd1956;
				_v540 = _v540 | 0x45240a95;
				_t846 = 0x77;
				_v540 = _v540 * 0x18;
				_v540 = _v540 ^ 0x336e332d;
				_v540 = _v540 ^ 0xbd574949;
				_v484 = 0x334a44;
				_v484 = _v484 ^ 0x919eff65;
				_v484 = _v484 / _t846;
				_v484 = _v484 | 0x2d19544d;
				_v484 = _v484 ^ 0x2d3e50ce;
				_v436 = 0x66ccc0;
				_v436 = _v436 + 0xffffec65;
				_t847 = 0x52;
				_v436 = _v436 * 0x24;
				_v436 = _v436 ^ 0x0e7c9935;
				_v492 = 0x2c49e8;
				_v492 = _v492 << 6;
				_v492 = _v492 << 2;
				_v492 = _v492 + 0xffff7e7f;
				_v492 = _v492 ^ 0x2c4d1795;
				_v348 = 0xb21165;
				_v348 = _v348 >> 0xb;
				_v348 = _v348 ^ 0x000033e8;
				_v464 = 0x27371d;
				_v464 = _v464 / _t847;
				_v464 = _v464 + 0xc709;
				_v464 = _v464 ^ 0x00086d33;
				_v476 = 0xe8a891;
				_v476 = _v476 >> 0xf;
				_v476 = _v476 + 0xffff587a;
				_v476 = _v476 ^ 0xfffd6e16;
				_v568 = 0xc76fce;
				_v568 = _v568 + 0xbc5c;
				_v568 = _v568 * 3;
				_v568 = _v568 | 0x5aa2bc40;
				_v568 = _v568 ^ 0x5afa6d0d;
				_v456 = 0xcc33e1;
				_v456 = _v456 ^ 0x6317d795;
				_v456 = _v456 | 0x1eb23508;
				_v456 = _v456 ^ 0x7ff946e0;
				_v560 = 0xede4ef;
				_v560 = _v560 + 0xffffe679;
				_t848 = 0x70;
				_v560 = _v560 / _t848;
				_v560 = _v560 << 5;
				_v560 = _v560 ^ 0x0043644b;
				_v500 = 0x670a53;
				_v500 = _v500 | 0x71b65663;
				_t849 = 0x2b;
				_v500 = _v500 * 0x3d;
				_v500 = _v500 + 0xfb01;
				_v500 = _v500 ^ 0x27fbe352;
				_v460 = 0x5f6e6b;
				_v460 = _v460 << 0xe;
				_v460 = _v460 | 0xdb801e45;
				_v460 = _v460 ^ 0xdb911bcb;
				_v404 = 0x155fb3;
				_v404 = _v404 + 0x82cf;
				_v404 = _v404 | 0x7954f6f3;
				_v404 = _v404 ^ 0x79505431;
				_v364 = 0x6447e1;
				_v364 = _v364 << 4;
				_v364 = _v364 ^ 0x064cce00;
				_v452 = 0x93f6b7;
				_v452 = _v452 | 0x0efbc074;
				_v452 = _v452 * 0x74;
				_v452 = _v452 ^ 0xca274b72;
				_v516 = 0x2e9555;
				_v516 = _v516 * 0x4d;
				_v516 = _v516 ^ 0x52348c71;
				_v516 = _v516 + 0xffff65c2;
				_v516 = _v516 ^ 0x5c3ff1c5;
				_v556 = 0x4e7cf7;
				_v556 = _v556 * 0x30;
				_v556 = _v556 ^ 0xab1a74ca;
				_v556 = _v556 | 0x39490d7c;
				_v556 = _v556 ^ 0xbde6ca21;
				_v304 = 0x79a99e;
				_v304 = _v304 | 0x92bbf026;
				_v304 = _v304 ^ 0x92fabbf2;
				_v444 = 0xf2d903;
				_v444 = _v444 * 0x13;
				_v444 = _v444 << 3;
				_v444 = _v444 ^ 0x90370785;
				_v388 = 0xce947f;
				_v388 = _v388 + 0xf4e6;
				_v388 = _v388 + 0xffffe2fa;
				_v388 = _v388 ^ 0x00c891aa;
				_v440 = 0x3724ee;
				_v440 = _v440 ^ 0xc994252f;
				_v440 = _v440 + 0xffff9dbe;
				_v440 = _v440 ^ 0xc9a5a4c3;
				_v544 = 0x9c24f5;
				_v544 = _v544 >> 8;
				_v544 = _v544 * 0x12;
				_v544 = _v544 + 0xb91e;
				_v544 = _v544 ^ 0x0007bff8;
				_v448 = 0x5ce888;
				_v448 = _v448 / _t849;
				_v448 = _v448 ^ 0x9d1dcba1;
				_v448 = _v448 ^ 0x9d138551;
				_v552 = 0x5ae9b7;
				_v552 = _v552 + 0xffffcdd3;
				_v552 = _v552 >> 0xa;
				_v552 = _v552 >> 3;
				_v552 = _v552 ^ 0x000286f6;
				_v372 = 0x1cfcf8;
				_v372 = _v372 << 0x10;
				_v372 = _v372 ^ 0xfcf9df5b;
				_v572 = 0x7fff3;
				_v572 = _v572 << 3;
				_v572 = _v572 | 0xc07f6c1b;
				_t850 = 0x6c;
				_v572 = _v572 / _t850;
				_v572 = _v572 ^ 0x01c5e077;
				_v468 = 0xb8a28e;
				_v468 = _v468 >> 0xa;
				_t851 = 7;
				_v468 = _v468 * 0x38;
				_v468 = _v468 ^ 0x0004661e;
				_v472 = 0x1c4be2;
				_v472 = _v472 >> 0xb;
				_v472 = _v472 / _t851;
				_v472 = _v472 ^ 0x000b37fd;
				_v324 = 0x397321;
				_v324 = _v324 + 0x4649;
				_v324 = _v324 ^ 0x003dbcde;
				_v564 = 0x90a3d2;
				_v564 = _v564 >> 0xf;
				_v564 = _v564 | 0x55e281c1;
				_v564 = _v564 + 0xffff9c60;
				_v564 = _v564 ^ 0x55ec6797;
				_v524 = 0x36ce4e;
				_v524 = _v524 + 0x9321;
				_v524 = _v524 ^ 0x68577083;
				_v524 = _v524 + 0x842e;
				_v524 = _v524 ^ 0x686a3805;
				_v380 = 0xf92015;
				_t852 = 0x57;
				_v380 = _v380 * 0x31;
				_v380 = _v380 ^ 0x2faa62dc;
				_v428 = 0xf06949;
				_v428 = _v428 ^ 0xe190386e;
				_v428 = _v428 | 0xd7c767f0;
				_v428 = _v428 ^ 0xf7e62dec;
				_v316 = 0x53402;
				_v316 = _v316 ^ 0x1a7eacd5;
				_v316 = _v316 ^ 0x1a780dc3;
				_v396 = 0xea020b;
				_v396 = _v396 / _t852;
				_v396 = _v396 >> 7;
				_v396 = _v396 ^ 0x0007fa92;
				_v576 = 0x94f18;
				_v576 = _v576 + 0x323;
				_t853 = 0x5a;
				_v576 = _v576 / _t853;
				_v576 = _v576 >> 7;
				_v576 = _v576 ^ 0x0009d62c;
				_v340 = 0x5ab89e;
				_v340 = _v340 + 0xcec5;
				_v340 = _v340 ^ 0x005981b9;
				_v424 = 0xf4fb06;
				_v424 = _v424 << 0xf;
				_v424 = _v424 + 0x6e15;
				_v424 = _v424 ^ 0x7d84f79d;
				_v308 = 0xe5ad48;
				_v308 = _v308 + 0xffff809e;
				_v308 = _v308 ^ 0x00e6a4ab;
				_v432 = 0xc8665e;
				_v432 = _v432 | 0xb25d9dfb;
				_v432 = _v432 * 0x51;
				_v432 = _v432 ^ 0x9835fda6;
				_v536 = 0x3c612a;
				_v536 = _v536 ^ 0xe3614c8f;
				_v536 = _v536 + 0x89b2;
				_v536 = _v536 >> 3;
				_v536 = _v536 ^ 0x1c61cdd9;
				_v312 = 0xb1cab1;
				_v312 = _v312 + 0x5335;
				_v312 = _v312 ^ 0x00b6c298;
				_v332 = 0x3dadc5;
				_v332 = _v332 >> 0xf;
				_v332 = _v332 ^ 0x00096a38;
				_v320 = 0xd2cf6d;
				_t854 = 0x5e;
				_v320 = _v320 / _t854;
				_v320 = _v320 ^ 0x000f4fea;
				_v528 = 0xbc9a67;
				_t768 = 0x35;
				_v528 = _v528 / _t768;
				_v528 = _v528 ^ 0x531db0de;
				_v528 = _v528 << 2;
				_v528 = _v528 ^ 0x4c7ccc72;
				_v368 = 0x9c5377;
				_v368 = _v368 | 0xa0dcba47;
				_v368 = _v368 ^ 0xa0d1bf3f;
				_v416 = 0x1ec4a4;
				_t855 = 0x79;
				_v416 = _v416 * 0x28;
				_v416 = _v416 / _t855;
				_v416 = _v416 ^ 0x00072384;
				_v376 = 0x2ac77;
				_v376 = _v376 << 0xf;
				_v376 = _v376 ^ 0x563f0855;
				_v412 = 0x448f7a;
				_v412 = _v412 << 0xd;
				_v412 = _v412 >> 2;
				_v412 = _v412 ^ 0x24738c34;
				_v356 = 0xc97c1e;
				_v356 = _v356 ^ 0x373e9b5c;
				_v356 = _v356 ^ 0x37f1bea5;
				_v548 = 0xc08620;
				_t856 = 0x3e;
				_v548 = _v548 * 0x48;
				_v548 = _v548 >> 0xe;
				_v548 = _v548 + 0x8cd4;
				_v548 = _v548 ^ 0x00077c97;
				_v504 = 0x1bacca;
				_v504 = _v504 / _t856;
				_v504 = _v504 + 0xffff3533;
				_v504 = _v504 + 0xffffc69c;
				_v504 = _v504 ^ 0xfffb1415;
				_v512 = 0x4f44ee;
				_v512 = _v512 + 0x177f;
				_v512 = _v512 + 0xce0c;
				_v512 = _v512 << 2;
				_v512 = _v512 ^ 0x014cc697;
				_v360 = 0x8b661;
				_t857 = 0x1e;
				_v360 = _v360 / _t857;
				_v360 = _v360 ^ 0x000dc15c;
				_v520 = 0xb38031;
				_v520 = _v520 | 0xa1714482;
				_t858 = 0x36;
				_t870 = _v296;
				_v520 = _v520 * 0x52;
				_v520 = _v520 + 0xc23a;
				_v520 = _v520 ^ 0xe016b971;
				_v496 = 0x319ddd;
				_v496 = _v496 / _t858;
				_t859 = 0x3b;
				_t860 = _v296;
				_v496 = _v496 / _t859;
				_v496 = _v496 + 0xffffa02a;
				_v496 = _v496 ^ 0xfff3e4c0;
				_v352 = 0x3691e9;
				_t769 = _v296;
				_v352 = _v352 / _t768;
				_v352 = _v352 ^ 0x000e8b32;
				_v408 = 0x2ac6b;
				_v408 = _v408 * 0x5a;
				_v408 = _v408 << 9;
				_v408 = _v408 ^ 0xe13230fa;
				_v392 = 0x204939;
				_v392 = _v392 + 0x4ed4;
				_v392 = _v392 * 0x35;
				_v392 = _v392 ^ 0x06bd0f48;
				_v336 = 0x1179fc;
				_v336 = _v336 + 0xffff73d1;
				_v336 = _v336 ^ 0x0013f977;
				_v400 = 0xb07871;
				_v400 = _v400 >> 3;
				_v400 = _v400 | 0xc580b254;
				_v400 = _v400 ^ 0xc59d0b5c;
				_v344 = 0x9fe4dd;
				_v344 = _v344 << 0xe;
				_v344 = _v344 ^ 0xf932a85a;
				_v328 = 0xd2ff81;
				_v328 = _v328 ^ 0x82aa1598;
				_v328 = _v328 ^ 0x827d602f;
				_v488 = 0x92e76b;
				_v488 = _v488 | 0x6946c4e8;
				_v488 = _v488 + 0xbbca;
				_v488 = _v488 * 0x54;
				_v488 = _v488 ^ 0xbac9f786;
				_v384 = 0xafba80;
				_v384 = _v384 ^ 0x0a481803;
				_v384 = _v384 << 6;
				_v384 = _v384 ^ 0xb9e44209;
				while(1) {
					L1:
					_t707 = 0x9c71ab3;
					do {
						while(1) {
							L2:
							_t875 = _t864 - 0x86fed85;
							if(_t875 <= 0) {
								break;
							}
							__eflags = _t864 - _t707;
							if(__eflags == 0) {
								_push(_v432);
								_t770 = _t860 + _t870;
								_push(_v308);
								_push(0x2bb1808);
								_v292 = _t770;
								_t708 = E02BC4244(_v340, _v424, __eflags);
								__eflags = _t770 - _t870;
								_t769 = E02BCE1AC(_v536, _t770 - _t870, _t870,  &_v256, _v312,  &_v288, _v332,  &_v128, _v320, _t770 - _t870) + _t870;
								E02BCFECB(_t708, _v528, _v368, _v416, _v376);
								_t774 = _v480;
								_t871 =  &(_t871[0xe]);
								_t864 = 0x1bf95f7;
								_t707 = 0x9c71ab3;
								goto L31;
							}
							__eflags = _t864 - 0xe33788a;
							if(_t864 == 0xe33788a) {
								_t860 = 0x4000;
								_push(_t774);
								_push(_t774);
								_t758 = E02BBC5D8(0x4000);
								_t871 =  &(_t871[3]);
								_v300 = _t758;
								__eflags = _t758;
								if(__eflags == 0) {
									return _t758;
								}
								_t864 = 0x77316ed;
								L14:
								_t774 = _v480;
								while(1) {
									L1:
									_t707 = 0x9c71ab3;
									goto L2;
								}
							}
							__eflags = _t864 - 0xf34fc82;
							if(_t864 == 0xf34fc82) {
								_push(_t774);
								_push(_t774);
								_t860 = E02BCCCA0(4, 0x10);
								_push( &_v128);
								_push(_t860);
								_push(_v560);
								_t833 = 0xb;
								E02BBE404(_v456, _t833);
								_t864 = 0x5f37ccd;
								L13:
								_t871 =  &(_t871[7]);
								goto L14;
							}
							__eflags = _t864 - 0xfefbdda;
							if(_t864 == 0xfefbdda) {
								E02BD2B09(_v328, _v300, _v488, _v384);
								return 0;
							}
							__eflags = _t864 - 0xffd9b77;
							if(__eflags != 0) {
								goto L31;
							}
							_t864 = 0x17d426e;
						}
						if(_t875 == 0) {
							_t860 = _t860 +  *((intOrPtr*)(_t774 + 4));
							_push(_t774);
							_push(_t774);
							_t718 = E02BBC5D8(_t860);
							_t774 = _v480;
							_t870 = _t718;
							_t871 =  &(_t871[3]);
							__eflags = _t870;
							_t707 = 0x9c71ab3;
							_t864 =  !=  ? 0x9c71ab3 : 0xfefbdda;
							goto L2;
						}
						if(_t864 == 0x17d426e) {
							_push(_t774);
							_push(_t774);
							_t860 = E02BCCCA0(1, 8);
							_push( &_v288);
							_push(_t860);
							_push(_v492);
							_t832 = 9;
							E02BBE404(_v436, _t832);
							_t864 = 0xf34fc82;
							goto L13;
						}
						if(_t864 == 0x1bf95f7) {
							E02BCC9B0(_v412, _t769, _v356,  *((intOrPtr*)(_t774 + 4)),  *_t774, _v548);
							_t774 = _v480;
							_t871 =  &(_t871[4]);
							_t864 = 0x7c1f8ac;
							_t769 = _t769 +  *((intOrPtr*)(_t774 + 4));
							goto L1;
						}
						if(_t864 == 0x5f37ccd) {
							_t867 =  &_v256;
							_push(_t774);
							_push(_t774);
							_t836 = E02BCCCA0(8, 0x10);
							_t871 =  &(_t871[4]);
							_t732 = _v420;
							__eflags = _t732 - _t836;
							if(_t732 < _t836) {
								_t844 = _t836 - _t732;
								_t861 = _t867;
								_t786 = _t844 >> 1;
								__eflags = _t786;
								_t740 = memset(_t861, 0x2d002d, _t786 << 2);
								asm("adc ecx, ecx");
								_t867 = _t867 + _t844 * 2;
								memset(_t861 + _t786, _t740, 0);
								_t871 =  &(_t871[6]);
								_t774 = 0;
							}
							_push(_t774);
							_push(_t774);
							_t737 = E02BCCCA0(8, 0x10);
							_push(_t867);
							_t860 = _t737;
							_push(_t860);
							_push(_v388);
							_t837 = 0xb;
							E02BBE404(_v444, _t837);
							_t864 = 0xe33788a;
							goto L13;
						}
						if(_t864 == 0x77316ed) {
							_push(_v472);
							_push(_v468);
							_push(_v572);
							_t742 = E02BCE1F8(0x2bb17a8, _v372, __eflags);
							_t871 =  &(_t871[3]);
							_push( &_v256);
							_push(_t742);
							_push(_t860);
							_push(_v300);
							 *((intOrPtr*)(E02BD31AA(0xb00b1257, 0x44)))();
							E02BCFECB(_t742, _v324, _v564, _v524, _v380);
							_t864 = 0x86fed85;
							goto L13;
						}
						_t880 = _t864 - 0x7c1f8ac;
						if(_t864 != 0x7c1f8ac) {
							goto L31;
						}
						_push(_v520);
						_push(_v360);
						_push(0x2bb1778);
						_t750 = E02BB3325( &_v256, E02BC4244(_v504, _v512, _t880), _v292 - _t769, _v352, _v408, _t769);
						E02BCFECB(_t747, _v392, _v336, _v400, _v344);
						_t752 = _v296;
						 *_t752 = _t870;
						 *((intOrPtr*)(_t752 + 4)) = _t769 + _t750 - _t870;
						L10:
						return _v300;
						L31:
						__eflags = _t864 - 0xc7faa3a;
					} while (__eflags != 0);
					goto L10;
				}
			}
























































































































                                                                                                          0x02bc2e5d
                                                                                                          0x02bc2e5d
                                                                                                          0x02bc2e67
                                                                                                          0x02bc2e6e
                                                                                                          0x02bc2e72
                                                                                                          0x02bc2e7d
                                                                                                          0x02bc2e8d
                                                                                                          0x02bc2e94
                                                                                                          0x02bc2e99
                                                                                                          0x02bc2ea4
                                                                                                          0x02bc2eb4
                                                                                                          0x02bc2eb9
                                                                                                          0x02bc2ebf
                                                                                                          0x02bc2ec7
                                                                                                          0x02bc2ecc
                                                                                                          0x02bc2ed4
                                                                                                          0x02bc2edc
                                                                                                          0x02bc2ee4
                                                                                                          0x02bc2eec
                                                                                                          0x02bc2ef4
                                                                                                          0x02bc2efc
                                                                                                          0x02bc2f04
                                                                                                          0x02bc2f11
                                                                                                          0x02bc2f14
                                                                                                          0x02bc2f18
                                                                                                          0x02bc2f20
                                                                                                          0x02bc2f28
                                                                                                          0x02bc2f30
                                                                                                          0x02bc2f40
                                                                                                          0x02bc2f44
                                                                                                          0x02bc2f4c
                                                                                                          0x02bc2f54
                                                                                                          0x02bc2f5f
                                                                                                          0x02bc2f72
                                                                                                          0x02bc2f73
                                                                                                          0x02bc2f7a
                                                                                                          0x02bc2f85
                                                                                                          0x02bc2f8d
                                                                                                          0x02bc2f92
                                                                                                          0x02bc2f97
                                                                                                          0x02bc2f9f
                                                                                                          0x02bc2fa7
                                                                                                          0x02bc2fb2
                                                                                                          0x02bc2fba
                                                                                                          0x02bc2fc5
                                                                                                          0x02bc2fd9
                                                                                                          0x02bc2fe0
                                                                                                          0x02bc2feb
                                                                                                          0x02bc2ff6
                                                                                                          0x02bc2ffe
                                                                                                          0x02bc3003
                                                                                                          0x02bc300b
                                                                                                          0x02bc3013
                                                                                                          0x02bc301b
                                                                                                          0x02bc3028
                                                                                                          0x02bc302c
                                                                                                          0x02bc3034
                                                                                                          0x02bc303c
                                                                                                          0x02bc3047
                                                                                                          0x02bc3052
                                                                                                          0x02bc305d
                                                                                                          0x02bc3068
                                                                                                          0x02bc3070
                                                                                                          0x02bc3080
                                                                                                          0x02bc3085
                                                                                                          0x02bc308b
                                                                                                          0x02bc3090
                                                                                                          0x02bc3098
                                                                                                          0x02bc30a0
                                                                                                          0x02bc30ad
                                                                                                          0x02bc30ae
                                                                                                          0x02bc30b2
                                                                                                          0x02bc30ba
                                                                                                          0x02bc30c2
                                                                                                          0x02bc30cd
                                                                                                          0x02bc30d5
                                                                                                          0x02bc30e0
                                                                                                          0x02bc30eb
                                                                                                          0x02bc30f6
                                                                                                          0x02bc3101
                                                                                                          0x02bc310c
                                                                                                          0x02bc3117
                                                                                                          0x02bc3122
                                                                                                          0x02bc312a
                                                                                                          0x02bc3135
                                                                                                          0x02bc3140
                                                                                                          0x02bc3153
                                                                                                          0x02bc315a
                                                                                                          0x02bc3165
                                                                                                          0x02bc3172
                                                                                                          0x02bc3176
                                                                                                          0x02bc317e
                                                                                                          0x02bc3186
                                                                                                          0x02bc318e
                                                                                                          0x02bc319b
                                                                                                          0x02bc319f
                                                                                                          0x02bc31a7
                                                                                                          0x02bc31af
                                                                                                          0x02bc31b7
                                                                                                          0x02bc31c2
                                                                                                          0x02bc31cd
                                                                                                          0x02bc31d8
                                                                                                          0x02bc31eb
                                                                                                          0x02bc31f2
                                                                                                          0x02bc31fa
                                                                                                          0x02bc3205
                                                                                                          0x02bc3210
                                                                                                          0x02bc321b
                                                                                                          0x02bc3226
                                                                                                          0x02bc3231
                                                                                                          0x02bc323c
                                                                                                          0x02bc3247
                                                                                                          0x02bc3252
                                                                                                          0x02bc325d
                                                                                                          0x02bc3265
                                                                                                          0x02bc326f
                                                                                                          0x02bc3273
                                                                                                          0x02bc327b
                                                                                                          0x02bc3283
                                                                                                          0x02bc3297
                                                                                                          0x02bc329e
                                                                                                          0x02bc32a9
                                                                                                          0x02bc32b4
                                                                                                          0x02bc32bc
                                                                                                          0x02bc32c4
                                                                                                          0x02bc32c9
                                                                                                          0x02bc32ce
                                                                                                          0x02bc32d6
                                                                                                          0x02bc32e1
                                                                                                          0x02bc32e9
                                                                                                          0x02bc32f4
                                                                                                          0x02bc32fe
                                                                                                          0x02bc3303
                                                                                                          0x02bc3311
                                                                                                          0x02bc3316
                                                                                                          0x02bc331c
                                                                                                          0x02bc3324
                                                                                                          0x02bc332f
                                                                                                          0x02bc333f
                                                                                                          0x02bc3342
                                                                                                          0x02bc3349
                                                                                                          0x02bc3354
                                                                                                          0x02bc335c
                                                                                                          0x02bc3369
                                                                                                          0x02bc336d
                                                                                                          0x02bc3375
                                                                                                          0x02bc3380
                                                                                                          0x02bc338b
                                                                                                          0x02bc3396
                                                                                                          0x02bc339e
                                                                                                          0x02bc33a3
                                                                                                          0x02bc33ab
                                                                                                          0x02bc33b3
                                                                                                          0x02bc33bb
                                                                                                          0x02bc33c3
                                                                                                          0x02bc33cb
                                                                                                          0x02bc33d3
                                                                                                          0x02bc33db
                                                                                                          0x02bc33e3
                                                                                                          0x02bc33f6
                                                                                                          0x02bc33f9
                                                                                                          0x02bc3400
                                                                                                          0x02bc340b
                                                                                                          0x02bc3416
                                                                                                          0x02bc3421
                                                                                                          0x02bc342c
                                                                                                          0x02bc3437
                                                                                                          0x02bc3442
                                                                                                          0x02bc344d
                                                                                                          0x02bc3458
                                                                                                          0x02bc346e
                                                                                                          0x02bc3475
                                                                                                          0x02bc347d
                                                                                                          0x02bc3488
                                                                                                          0x02bc3490
                                                                                                          0x02bc349c
                                                                                                          0x02bc349f
                                                                                                          0x02bc34a3
                                                                                                          0x02bc34a8
                                                                                                          0x02bc34b0
                                                                                                          0x02bc34bb
                                                                                                          0x02bc34c6
                                                                                                          0x02bc34d1
                                                                                                          0x02bc34dc
                                                                                                          0x02bc34e4
                                                                                                          0x02bc34ef
                                                                                                          0x02bc34fa
                                                                                                          0x02bc3505
                                                                                                          0x02bc3510
                                                                                                          0x02bc351b
                                                                                                          0x02bc3526
                                                                                                          0x02bc3539
                                                                                                          0x02bc3540
                                                                                                          0x02bc354d
                                                                                                          0x02bc3555
                                                                                                          0x02bc355d
                                                                                                          0x02bc3565
                                                                                                          0x02bc356a
                                                                                                          0x02bc3572
                                                                                                          0x02bc357d
                                                                                                          0x02bc3588
                                                                                                          0x02bc3593
                                                                                                          0x02bc359e
                                                                                                          0x02bc35a6
                                                                                                          0x02bc35b1
                                                                                                          0x02bc35c5
                                                                                                          0x02bc35ca
                                                                                                          0x02bc35d3
                                                                                                          0x02bc35de
                                                                                                          0x02bc35ea
                                                                                                          0x02bc35ef
                                                                                                          0x02bc35f5
                                                                                                          0x02bc35fd
                                                                                                          0x02bc3602
                                                                                                          0x02bc360a
                                                                                                          0x02bc3615
                                                                                                          0x02bc3620
                                                                                                          0x02bc362b
                                                                                                          0x02bc363e
                                                                                                          0x02bc3641
                                                                                                          0x02bc3653
                                                                                                          0x02bc365a
                                                                                                          0x02bc3665
                                                                                                          0x02bc3670
                                                                                                          0x02bc3678
                                                                                                          0x02bc3683
                                                                                                          0x02bc368e
                                                                                                          0x02bc3696
                                                                                                          0x02bc369e
                                                                                                          0x02bc36a9
                                                                                                          0x02bc36b4
                                                                                                          0x02bc36bf
                                                                                                          0x02bc36ca
                                                                                                          0x02bc36d7
                                                                                                          0x02bc36da
                                                                                                          0x02bc36de
                                                                                                          0x02bc36e3
                                                                                                          0x02bc36eb
                                                                                                          0x02bc36f3
                                                                                                          0x02bc3703
                                                                                                          0x02bc3707
                                                                                                          0x02bc370f
                                                                                                          0x02bc3717
                                                                                                          0x02bc371f
                                                                                                          0x02bc3727
                                                                                                          0x02bc372f
                                                                                                          0x02bc3737
                                                                                                          0x02bc373c
                                                                                                          0x02bc3744
                                                                                                          0x02bc3756
                                                                                                          0x02bc3759
                                                                                                          0x02bc3760
                                                                                                          0x02bc376d
                                                                                                          0x02bc3775
                                                                                                          0x02bc3784
                                                                                                          0x02bc3787
                                                                                                          0x02bc378e
                                                                                                          0x02bc3792
                                                                                                          0x02bc379a
                                                                                                          0x02bc37a2
                                                                                                          0x02bc37b2
                                                                                                          0x02bc37ba
                                                                                                          0x02bc37bf
                                                                                                          0x02bc37c6
                                                                                                          0x02bc37ca
                                                                                                          0x02bc37d2
                                                                                                          0x02bc37da
                                                                                                          0x02bc37ee
                                                                                                          0x02bc37f5
                                                                                                          0x02bc37fc
                                                                                                          0x02bc3807
                                                                                                          0x02bc381a
                                                                                                          0x02bc3821
                                                                                                          0x02bc3829
                                                                                                          0x02bc3834
                                                                                                          0x02bc383f
                                                                                                          0x02bc3852
                                                                                                          0x02bc3859
                                                                                                          0x02bc3864
                                                                                                          0x02bc386f
                                                                                                          0x02bc387a
                                                                                                          0x02bc3885
                                                                                                          0x02bc3890
                                                                                                          0x02bc3898
                                                                                                          0x02bc38a3
                                                                                                          0x02bc38ae
                                                                                                          0x02bc38b9
                                                                                                          0x02bc38c1
                                                                                                          0x02bc38cc
                                                                                                          0x02bc38d7
                                                                                                          0x02bc38e2
                                                                                                          0x02bc38ed
                                                                                                          0x02bc38f5
                                                                                                          0x02bc38fd
                                                                                                          0x02bc390a
                                                                                                          0x02bc390e
                                                                                                          0x02bc3916
                                                                                                          0x02bc3921
                                                                                                          0x02bc392c
                                                                                                          0x02bc3934
                                                                                                          0x02bc393f
                                                                                                          0x02bc393f
                                                                                                          0x02bc393f
                                                                                                          0x02bc3944
                                                                                                          0x02bc3944
                                                                                                          0x02bc3944
                                                                                                          0x02bc3944
                                                                                                          0x02bc394a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc3be6
                                                                                                          0x02bc3be8
                                                                                                          0x02bc3ca8
                                                                                                          0x02bc3caf
                                                                                                          0x02bc3cb2
                                                                                                          0x02bc3cc7
                                                                                                          0x02bc3ccc
                                                                                                          0x02bc3cd3
                                                                                                          0x02bc3cda
                                                                                                          0x02bc3d26
                                                                                                          0x02bc3d34
                                                                                                          0x02bc3d39
                                                                                                          0x02bc3d40
                                                                                                          0x02bc3d43
                                                                                                          0x02bc3d48
                                                                                                          0x00000000
                                                                                                          0x02bc3d48
                                                                                                          0x02bc3bee
                                                                                                          0x02bc3bf4
                                                                                                          0x02bc3c6d
                                                                                                          0x02bc3c84
                                                                                                          0x02bc3c85
                                                                                                          0x02bc3c87
                                                                                                          0x02bc3c8c
                                                                                                          0x02bc3c8f
                                                                                                          0x02bc3c96
                                                                                                          0x02bc3c98
                                                                                                          0x02bc3a22
                                                                                                          0x02bc3a22
                                                                                                          0x02bc3c9e
                                                                                                          0x02bc3a8d
                                                                                                          0x02bc3a8d
                                                                                                          0x02bc393f
                                                                                                          0x02bc393f
                                                                                                          0x02bc393f
                                                                                                          0x00000000
                                                                                                          0x02bc393f
                                                                                                          0x02bc393f
                                                                                                          0x02bc3bf6
                                                                                                          0x02bc3bfc
                                                                                                          0x02bc3c36
                                                                                                          0x02bc3c37
                                                                                                          0x02bc3c41
                                                                                                          0x02bc3c4a
                                                                                                          0x02bc3c4b
                                                                                                          0x02bc3c4c
                                                                                                          0x02bc3c59
                                                                                                          0x02bc3c5a
                                                                                                          0x02bc3c5f
                                                                                                          0x02bc3a8a
                                                                                                          0x02bc3a8a
                                                                                                          0x00000000
                                                                                                          0x02bc3a8a
                                                                                                          0x02bc3bfe
                                                                                                          0x02bc3c04
                                                                                                          0x02bc3d77
                                                                                                          0x00000000
                                                                                                          0x02bc3d7e
                                                                                                          0x02bc3c0a
                                                                                                          0x02bc3c10
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc3c16
                                                                                                          0x02bc3c16
                                                                                                          0x02bc3950
                                                                                                          0x02bc3bb0
                                                                                                          0x02bc3bc1
                                                                                                          0x02bc3bc2
                                                                                                          0x02bc3bc4
                                                                                                          0x02bc3bc9
                                                                                                          0x02bc3bcd
                                                                                                          0x02bc3bcf
                                                                                                          0x02bc3bd7
                                                                                                          0x02bc3bd9
                                                                                                          0x02bc3bde
                                                                                                          0x00000000
                                                                                                          0x02bc3bde
                                                                                                          0x02bc395c
                                                                                                          0x02bc3b72
                                                                                                          0x02bc3b73
                                                                                                          0x02bc3b7d
                                                                                                          0x02bc3b86
                                                                                                          0x02bc3b87
                                                                                                          0x02bc3b88
                                                                                                          0x02bc3b95
                                                                                                          0x02bc3b96
                                                                                                          0x02bc3b9b
                                                                                                          0x00000000
                                                                                                          0x02bc3b9b
                                                                                                          0x02bc3968
                                                                                                          0x02bc3b46
                                                                                                          0x02bc3b4b
                                                                                                          0x02bc3b52
                                                                                                          0x02bc3b55
                                                                                                          0x02bc3b5a
                                                                                                          0x00000000
                                                                                                          0x02bc3b5a
                                                                                                          0x02bc3974
                                                                                                          0x02bc3a9d
                                                                                                          0x02bc3ab6
                                                                                                          0x02bc3ab7
                                                                                                          0x02bc3ac1
                                                                                                          0x02bc3ac3
                                                                                                          0x02bc3ac6
                                                                                                          0x02bc3acd
                                                                                                          0x02bc3acf
                                                                                                          0x02bc3ad1
                                                                                                          0x02bc3ad3
                                                                                                          0x02bc3adc
                                                                                                          0x02bc3adc
                                                                                                          0x02bc3ade
                                                                                                          0x02bc3ae0
                                                                                                          0x02bc3ae2
                                                                                                          0x02bc3ae5
                                                                                                          0x02bc3ae5
                                                                                                          0x02bc3ae5
                                                                                                          0x02bc3ae5
                                                                                                          0x02bc3afe
                                                                                                          0x02bc3aff
                                                                                                          0x02bc3b04
                                                                                                          0x02bc3b09
                                                                                                          0x02bc3b0a
                                                                                                          0x02bc3b0c
                                                                                                          0x02bc3b0d
                                                                                                          0x02bc3b1d
                                                                                                          0x02bc3b1e
                                                                                                          0x02bc3b23
                                                                                                          0x00000000
                                                                                                          0x02bc3b23
                                                                                                          0x02bc3980
                                                                                                          0x02bc3a23
                                                                                                          0x02bc3a2c
                                                                                                          0x02bc3a33
                                                                                                          0x02bc3a3e
                                                                                                          0x02bc3a43
                                                                                                          0x02bc3a54
                                                                                                          0x02bc3a55
                                                                                                          0x02bc3a56
                                                                                                          0x02bc3a57
                                                                                                          0x02bc3a66
                                                                                                          0x02bc3a80
                                                                                                          0x02bc3a85
                                                                                                          0x00000000
                                                                                                          0x02bc3a85
                                                                                                          0x02bc3986
                                                                                                          0x02bc398c
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc3992
                                                                                                          0x02bc3996
                                                                                                          0x02bc39a5
                                                                                                          0x02bc39d6
                                                                                                          0x02bc39fb
                                                                                                          0x02bc3a00
                                                                                                          0x02bc3a0c
                                                                                                          0x02bc3a0e
                                                                                                          0x02bc3a11
                                                                                                          0x00000000
                                                                                                          0x02bc3d4d
                                                                                                          0x02bc3d4d
                                                                                                          0x02bc3d4d
                                                                                                          0x00000000
                                                                                                          0x02bc3d59

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !s9$*a<$-3n3$1TPy$5S$8j$9I $DJ3$IF$Sg$kn_$|I9$$7$3$DO$Gd$I,
                                                                                                          • API String ID: 0-3070105227
                                                                                                          • Opcode ID: fc5fcc3e1051f91e0e6b8df12867be426340397bf38dbf9730bec8c1bfb22eb4
                                                                                                          • Instruction ID: b82b615fac3390924c304be9ca910b8b4a81ac9cb93870736f605b171dc6dae5
                                                                                                          • Opcode Fuzzy Hash: fc5fcc3e1051f91e0e6b8df12867be426340397bf38dbf9730bec8c1bfb22eb4
                                                                                                          • Instruction Fuzzy Hash: E472FF715083819BD3B8CF25C58AB9FBBE1BBC4714F10891DE6DA9A260D7B09949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB3431, Relevance: 17.0, Strings: 13, Instructions: 746COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 483 2bb3431-2bb425f 484 2bb4267-2bb4271 483->484 485 2bb4276-2bb4278 484->485 486 2bb4628-2bb462e 485->486 487 2bb427e 485->487 488 2bb46fc-2bb471b call 2bd2b09 486->488 489 2bb4634-2bb4636 486->489 490 2bb44d1-2bb4620 call 2bce1f8 * 2 call 2bc00c5 call 2bb49a4 call 2bcfecb * 2 487->490 491 2bb4284-2bb428a 487->491 508 2bb471d-2bb4727 488->508 493 2bb4638-2bb463e 489->493 494 2bb464e-2bb46f4 call 2bce1f8 call 2bbf288 call 2bcfecb 489->494 490->486 496 2bb43f9-2bb44cc call 2bce1f8 * 2 call 2bb738a call 2bcfecb * 2 491->496 497 2bb4290-2bb4292 491->497 500 2bb472c-2bb4732 493->500 501 2bb4644-2bb4649 493->501 494->488 547 2bb43ef-2bb43f4 496->547 503 2bb4311-2bb43c1 call 2bce1f8 call 2bb50e8 497->503 504 2bb4294-2bb4296 497->504 500->485 509 2bb4738 500->509 501->485 534 2bb43ca 503->534 535 2bb43c3-2bb43c8 503->535 511 2bb4298-2bb429a 504->511 512 2bb42cd-2bb430c call 2bbc5d8 504->512 508->500 509->509 511->500 518 2bb42a0-2bb42cc call 2bbf7fe 511->518 512->484 538 2bb43cf-2bb43ec call 2bcfecb 534->538 535->538 538->547 547->508
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BB3431(intOrPtr __ecx) {
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char* _v48;
				intOrPtr _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				unsigned int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				void* _t880;
				void* _t883;
				intOrPtr _t884;
				intOrPtr _t891;
				void* _t892;
				signed int _t894;
				char _t897;
				void* _t905;
				intOrPtr _t918;
				void* _t919;
				intOrPtr _t925;
				intOrPtr _t927;
				void* _t929;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t944;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				void* _t952;
				intOrPtr _t974;
				intOrPtr _t977;
				void* _t1017;
				intOrPtr _t1018;
				void* _t1038;
				intOrPtr _t1039;
				void* _t1041;
				void* _t1046;
				signed int* _t1048;
				signed int* _t1052;
				void* _t1054;

				_t1048 =  &_v448;
				_v436 = 0x369131;
				_v436 = _v436 >> 0xc;
				_v72 = __ecx;
				_t1046 = 0;
				_t935 = 0x47;
				_v436 = _v436 / _t935;
				_t929 = 0xda5043f;
				_t936 = 0x5f;
				_v436 = _v436 * 0x17;
				_v436 = _v436 ^ 0x4d42455f;
				_v208 = 0xf6fdfa;
				_v208 = _v208 | 0x2cc981c8;
				_v208 = _v208 ^ 0x2cfffdfb;
				_v424 = 0xd0dd87;
				_v424 = _v424 << 0xd;
				_v424 = _v424 | 0x1c0753be;
				_v424 = _v424 << 0xb;
				_v424 = _v424 ^ 0xbf9df000;
				_v168 = 0x27916c;
				_v168 = _v168 << 0xc;
				_v168 = _v168 ^ 0x7916c000;
				_v112 = 0xb477a9;
				_v112 = _v112 << 0xb;
				_v112 = _v112 ^ 0xa3bd4800;
				_v220 = 0xe97999;
				_v220 = _v220 + 0xffffec6a;
				_v220 = _v220 ^ 0x00e96603;
				_v204 = 0x9e1a7f;
				_v204 = _v204 >> 5;
				_v204 = _v204 ^ 0x0004f0d3;
				_v268 = 0x424ea5;
				_v268 = _v268 ^ 0x63de6ac8;
				_v268 = _v268 + 0xffff47e2;
				_v268 = _v268 ^ 0x639b6c4f;
				_v260 = 0xd00e0b;
				_v260 = _v260 + 0x7bec;
				_v260 = _v260 + 0x9dda;
				_v260 = _v260 ^ 0x00d127d1;
				_v200 = 0x4c3c29;
				_v200 = _v200 + 0xffffc8b9;
				_v200 = _v200 ^ 0x004c04e2;
				_v248 = 0x4debf8;
				_v248 = _v248 + 0xffff1b2a;
				_v248 = _v248 << 9;
				_v248 = _v248 ^ 0x9a0e4400;
				_v228 = 0x8afd86;
				_v228 = _v228 / _t936;
				_v228 = _v228 << 4;
				_v228 = _v228 ^ 0x001768a0;
				_v96 = 0x2eb3c6;
				_v96 = _v96 << 0xd;
				_v96 = _v96 ^ 0xd678c020;
				_v420 = 0x274aed;
				_v420 = _v420 | 0x31740d1a;
				_v420 = _v420 + 0xffff9582;
				_v420 = _v420 | 0x350cf820;
				_v420 = _v420 ^ 0x35767196;
				_v364 = 0x6881b7;
				_v364 = _v364 * 7;
				_v364 = _v364 + 0xffffc912;
				_v364 = _v364 * 0x25;
				_v364 = _v364 ^ 0x69b6ddf9;
				_v184 = 0xd44f20;
				_v184 = _v184 ^ 0xce5a0ea9;
				_v184 = _v184 ^ 0xce89b855;
				_v264 = 0x81d5a2;
				_v264 = _v264 >> 8;
				_v264 = _v264 ^ 0x29112c15;
				_v264 = _v264 ^ 0x291faa41;
				_v100 = 0x37cb15;
				_t937 = 6;
				_v100 = _v100 * 0x62;
				_v100 = _v100 ^ 0x1559514e;
				_v380 = 0xd5dbc2;
				_v380 = _v380 ^ 0x7753e321;
				_v380 = _v380 + 0xffff7b0c;
				_v380 = _v380 << 8;
				_v380 = _v380 ^ 0x85ba1641;
				_v176 = 0xe5b425;
				_v176 = _v176 ^ 0xa878a978;
				_v176 = _v176 ^ 0xa898c785;
				_v120 = 0xd260b8;
				_v120 = _v120 / _t937;
				_v120 = _v120 ^ 0x00230c57;
				_v288 = 0xdcc1d5;
				_v288 = _v288 | 0xf1bc740f;
				_v288 = _v288 >> 0xf;
				_v288 = _v288 ^ 0x000063e4;
				_v232 = 0xe5d66a;
				_t938 = 0x2c;
				_v232 = _v232 * 0x6c;
				_v232 = _v232 / _t938;
				_v232 = _v232 ^ 0x02301c7d;
				_v296 = 0x2a124;
				_v296 = _v296 | 0xd0f8a1f6;
				_v296 = _v296 >> 3;
				_v296 = _v296 ^ 0x1a145567;
				_v160 = 0xc3c6af;
				_v160 = _v160 + 0xd2dc;
				_v160 = _v160 ^ 0x00c22786;
				_v348 = 0x8f150e;
				_v348 = _v348 + 0xa59e;
				_t939 = 0x59;
				_v348 = _v348 / _t939;
				_v348 = _v348 >> 0xe;
				_v348 = _v348 ^ 0x00038203;
				_v412 = 0x22c1c6;
				_v412 = _v412 | 0x52a0f1e9;
				_v412 = _v412 >> 0xe;
				_v412 = _v412 + 0x5f9c;
				_v412 = _v412 ^ 0x0003206f;
				_v256 = 0x6eace8;
				_v256 = _v256 | 0x5e36471d;
				_v256 = _v256 + 0xaa22;
				_v256 = _v256 ^ 0x5e7c911d;
				_v372 = 0x114227;
				_v372 = _v372 << 0xe;
				_v372 = _v372 >> 4;
				_v372 = _v372 + 0xffff3250;
				_v372 = _v372 ^ 0x05091a3a;
				_v152 = 0xb2c113;
				_v152 = _v152 | 0xd4a79ff0;
				_v152 = _v152 ^ 0xd4b69369;
				_v404 = 0xac8dd0;
				_v404 = _v404 | 0xfe2c74c4;
				_v404 = _v404 + 0xfffff2df;
				_v404 = _v404 ^ 0xd6ca137b;
				_v404 = _v404 ^ 0x2865160f;
				_v92 = 0xc872d4;
				_v92 = _v92 ^ 0x1ab36d9e;
				_v92 = _v92 ^ 0x1a793755;
				_v104 = 0x4ab196;
				_v104 = _v104 << 8;
				_v104 = _v104 ^ 0x4ab50517;
				_v448 = 0xada0e7;
				_t940 = 0x71;
				_v448 = _v448 * 0x69;
				_v448 = _v448 ^ 0xf900bd50;
				_v448 = _v448 + 0x197e;
				_v448 = _v448 ^ 0xbe3853b0;
				_v396 = 0x11e923;
				_v396 = _v396 + 0x3954;
				_v396 = _v396 / _t940;
				_v396 = _v396 >> 0xc;
				_v396 = _v396 ^ 0x00018e0c;
				_v336 = 0x5f85c1;
				_v336 = _v336 | 0x2e05641a;
				_v336 = _v336 + 0xffffe3b2;
				_v336 = _v336 ^ 0x2e57dda5;
				_v144 = 0xd04b4f;
				_v144 = _v144 | 0x24a920ad;
				_v144 = _v144 ^ 0x24f2194c;
				_v332 = 0xa51135;
				_v332 = _v332 | 0x0e3f3b11;
				_v332 = _v332 << 1;
				_v332 = _v332 ^ 0x1d7bc296;
				_v432 = 0x91d3da;
				_v432 = _v432 ^ 0xfb7827da;
				_v432 = _v432 ^ 0x8307cadb;
				_v432 = _v432 ^ 0x96a6215b;
				_v432 = _v432 ^ 0xee460da5;
				_v440 = 0x76ea73;
				_t941 = 0x68;
				_v440 = _v440 * 0x64;
				_v440 = _v440 * 0x74;
				_v440 = _v440 + 0xffff4177;
				_v440 = _v440 ^ 0x0c5f6cc4;
				_v84 = 0xe35803;
				_v84 = _v84 << 2;
				_v84 = _v84 ^ 0x038e6518;
				_v416 = 0xaf3ba8;
				_v416 = _v416 / _t941;
				_v416 = _v416 << 4;
				_v416 = _v416 ^ 0x48935165;
				_v416 = _v416 ^ 0x4881449f;
				_v212 = 0x801900;
				_v212 = _v212 + 0xffff42b5;
				_v212 = _v212 ^ 0x0072cd25;
				_v308 = 0xdd451d;
				_v308 = _v308 << 7;
				_v308 = _v308 + 0xffff5c98;
				_v308 = _v308 ^ 0x6ea87981;
				_v400 = 0xde1a46;
				_v400 = _v400 + 0xffff765a;
				_v400 = _v400 / _t941;
				_v400 = _v400 << 9;
				_v400 = _v400 ^ 0x044894be;
				_v316 = 0xd965ab;
				_t942 = 0x67;
				_v316 = _v316 / _t942;
				_v316 = _v316 ^ 0xab5bfdd1;
				_v316 = _v316 ^ 0xab5ad192;
				_v408 = 0x2ea377;
				_v408 = _v408 ^ 0x7c77aa70;
				_v408 = _v408 * 0x1b;
				_t943 = 0x5b;
				_v408 = _v408 / _t943;
				_v408 = _v408 ^ 0x00544ec9;
				_v324 = 0xbe9a08;
				_t944 = 0x3b;
				_v324 = _v324 * 0x43;
				_v324 = _v324 >> 2;
				_v324 = _v324 ^ 0x0c769314;
				_v300 = 0x976b15;
				_v300 = _v300 + 0xffff7da5;
				_v300 = _v300 ^ 0x81b758ca;
				_v300 = _v300 ^ 0x81238506;
				_v180 = 0xcec496;
				_v180 = _v180 + 0xd8a;
				_v180 = _v180 ^ 0x00c56088;
				_v188 = 0xaed086;
				_v188 = _v188 / _t944;
				_v188 = _v188 ^ 0x0009ea52;
				_v196 = 0x3b56fa;
				_v196 = _v196 ^ 0xac6111bd;
				_v196 = _v196 ^ 0xac5e4370;
				_v292 = 0x9c517b;
				_t945 = 0xe;
				_v292 = _v292 * 0x4d;
				_v292 = _v292 << 0x10;
				_v292 = _v292 ^ 0x81f0babf;
				_v164 = 0xb8b001;
				_v164 = _v164 * 0x6d;
				_v164 = _v164 ^ 0x4ea63487;
				_v172 = 0xad6cfe;
				_v172 = _v172 + 0xffff2ed4;
				_v172 = _v172 ^ 0x00a06f33;
				_v392 = 0x7c182;
				_v392 = _v392 + 0xffff354a;
				_v392 = _v392 >> 9;
				_v392 = _v392 | 0x25902c29;
				_v392 = _v392 ^ 0x259a4e3f;
				_v384 = 0x5bc0d6;
				_v384 = _v384 << 1;
				_v384 = _v384 >> 3;
				_v384 = _v384 >> 0xb;
				_v384 = _v384 ^ 0x00007445;
				_v148 = 0xb53a42;
				_v148 = _v148 + 0x9a8c;
				_v148 = _v148 ^ 0x00ba1df9;
				_v340 = 0x4937cc;
				_v340 = _v340 / _t945;
				_v340 = _v340 * 0x55;
				_v340 = _v340 ^ 0x01b4526f;
				_v156 = 0xcb2355;
				_v156 = _v156 + 0x87d8;
				_v156 = _v156 ^ 0x00cab12c;
				_v276 = 0x1d3606;
				_v276 = _v276 ^ 0xef8573e3;
				_v276 = _v276 + 0xe74c;
				_v276 = _v276 ^ 0xef9451f2;
				_v124 = 0xea90d8;
				_v124 = _v124 >> 0xc;
				_v124 = _v124 ^ 0x000c3a09;
				_v132 = 0x9d7def;
				_v132 = _v132 << 0xe;
				_v132 = _v132 ^ 0x5f719987;
				_v376 = 0x89d7c2;
				_v376 = _v376 + 0xfffff23e;
				_v376 = _v376 | 0x7c68b11f;
				_v376 = _v376 ^ 0xbb3726b5;
				_v376 = _v376 ^ 0xc7d510ca;
				_v140 = 0x76a014;
				_t946 = 0x62;
				_v140 = _v140 * 0x5d;
				_v140 = _v140 ^ 0x2b1c15f7;
				_v236 = 0x97a0b2;
				_v236 = _v236 + 0xb8c3;
				_v236 = _v236 / _t946;
				_v236 = _v236 ^ 0x00048326;
				_v244 = 0xf40f05;
				_v244 = _v244 >> 9;
				_v244 = _v244 + 0xffff2918;
				_v244 = _v244 ^ 0xfff951ac;
				_v252 = 0x8be7d4;
				_t947 = 0x63;
				_v252 = _v252 * 0x1e;
				_v252 = _v252 | 0x42cac185;
				_v252 = _v252 ^ 0x52ef1e67;
				_v116 = 0xbde76;
				_v116 = _v116 * 0x7b;
				_v116 = _v116 ^ 0x05b04958;
				_v328 = 0xeb1d65;
				_v328 = _v328 + 0xffffd1f9;
				_v328 = _v328 / _t947;
				_v328 = _v328 ^ 0x00025d34;
				_v280 = 0x68b6dc;
				_v280 = _v280 << 4;
				_v280 = _v280 + 0xffffca90;
				_v280 = _v280 ^ 0x06815cee;
				_v284 = 0x6fbf52;
				_t948 = 0x39;
				_v284 = _v284 / _t948;
				_v284 = _v284 >> 0xc;
				_v284 = _v284 ^ 0x000af32e;
				_v128 = 0xe16a7a;
				_v128 = _v128 << 0xa;
				_v128 = _v128 ^ 0x85a6bd86;
				_v136 = 0xc45446;
				_v136 = _v136 * 0x2c;
				_v136 = _v136 ^ 0x21b71382;
				_v356 = 0x71f336;
				_v356 = _v356 ^ 0x2de7f7fe;
				_v356 = _v356 ^ 0x8a07c7d3;
				_v356 = _v356 ^ 0x93c759d9;
				_v356 = _v356 ^ 0x3457e38a;
				_v444 = 0xc2e3ca;
				_v444 = _v444 + 0xd370;
				_v444 = _v444 * 0x17;
				_v444 = _v444 | 0x81628588;
				_v444 = _v444 ^ 0x91feaa64;
				_v216 = 0xda26e7;
				_v216 = _v216 | 0x60c5a9c9;
				_v216 = _v216 ^ 0x60dd12b5;
				_v192 = 0x3f7410;
				_v192 = _v192 ^ 0x1d5bbab7;
				_v192 = _v192 ^ 0x1d6fbf93;
				_v312 = 0x4ada65;
				_v312 = _v312 << 0xd;
				_v312 = _v312 >> 7;
				_v312 = _v312 ^ 0x00bfdaf9;
				_v272 = 0xabf11;
				_v272 = _v272 | 0xa59dca8e;
				_v272 = _v272 + 0x20a8;
				_v272 = _v272 ^ 0xa5a7fe59;
				_v224 = 0x8674d0;
				_t1041 = 0x129d0b2;
				_t1038 = 0x319c4b5;
				_t949 = 0x14;
				_v224 = _v224 / _t949;
				_v224 = _v224 ^ 0x000de1f0;
				_v320 = 0xda9bb0;
				_v320 = _v320 | 0x2a57cad9;
				_t950 = 0x36;
				_v320 = _v320 * 0xf;
				_v320 = _v320 ^ 0x831ebdeb;
				_v240 = 0xa163ed;
				_v240 = _v240 * 0xb;
				_v240 = _v240 ^ 0x8dcbf844;
				_v240 = _v240 ^ 0x8b2bfc33;
				_v428 = 0x5ed42b;
				_v428 = _v428 + 0xffff1d19;
				_v428 = _v428 * 0x50;
				_v428 = _v428 << 2;
				_v428 = _v428 ^ 0x75680dd8;
				_v88 = 0xfa72dc;
				_v88 = _v88 >> 7;
				_v88 = _v88 ^ 0x0007f8f8;
				_v388 = 0x10dc91;
				_v388 = _v388 / _t950;
				_v388 = _v388 >> 2;
				_v388 = _v388 | 0xaac1de12;
				_v388 = _v388 ^ 0xaac723cf;
				_v304 = 0xa7cb34;
				_v304 = _v304 ^ 0x1c82ce84;
				_v304 = _v304 + 0xffff27ec;
				_v304 = _v304 ^ 0x1c2c2c1b;
				_v360 = 0x85a407;
				_v360 = _v360 << 0x10;
				_v360 = _v360 ^ 0xf399b7e8;
				_t951 = 0x7b;
				_v360 = _v360 * 0xb;
				_v360 = _v360 ^ 0xc3d703da;
				_v108 = 0x2c5900;
				_v108 = _v108 | 0x18e96d33;
				_v108 = _v108 ^ 0x18efd740;
				_v368 = 0x82a9c5;
				_v368 = _v368 * 0x63;
				_v368 = _v368 / _t951;
				_v368 = _v368 << 9;
				_v368 = _v368 ^ 0xd254d318;
				_v344 = 0x646456;
				_v344 = _v344 | 0x8bd14a3d;
				_v344 = _v344 ^ 0xb757bf6b;
				_v344 = _v344 ^ 0xc7e8113d;
				_v344 = _v344 ^ 0xfb40f9ed;
				_v352 = 0x76afda;
				_v352 = _v352 | 0xbd2b6ebb;
				_v352 = _v352 + 0xffffcbc9;
				_v352 = _v352 << 5;
				_v352 = _v352 ^ 0xaffdfdca;
				while(1) {
					L1:
					_t1017 = 0xbed0fa7;
					_t952 = 0x2dc73db;
					_t880 = 0x45ef02b;
					goto L2;
					do {
						while(1) {
							L2:
							_t1054 = _t929 - _t880;
							if(_t1054 <= 0) {
								break;
							}
							__eflags = _t929 - 0xa3576f8;
							if(_t929 == 0xa3576f8) {
								_t1018 =  *0x2bd6224; // 0x0
								E02BD2B09(_v360,  *((intOrPtr*)(_t1018 + 0x50)), _v108, _v368);
								_t929 = _t1038;
								L25:
								_t880 = 0x45ef02b;
								_t952 = 0x2dc73db;
								_t1017 = 0xbed0fa7;
								goto L26;
							}
							__eflags = _t929 - _t1017;
							if(__eflags == 0) {
								_push(_v156);
								_push(_v340);
								_push(_v148);
								_t883 = E02BCE1F8(0x2bb13f8, _v384, __eflags);
								_t884 =  *0x2bd6224; // 0x0
								__eflags = E02BBF288(_v268, _v276, _t883, _v124,  &_v76, _t884 + 0x54, _v132, 0x2bb13f8, _v376, _v80, _v140) - _v260;
								_t929 =  ==  ? 0x2dc73db : _t1038;
								E02BCFECB(_t883, _v236, _v244, _v252, _v116);
								_t1048 =  &(_t1048[0xf]);
								L15:
								_t1041 = 0x129d0b2;
								goto L25;
							}
							__eflags = _t929 - 0xda5043f;
							if(__eflags != 0) {
								goto L26;
							}
							_t929 = 0x2e16ae;
						}
						if(_t1054 == 0) {
							_push(_v336);
							_push(_v396);
							_push(_v448);
							_t891 = E02BCE1F8(0x2bb13a8, _v104, __eflags);
							_push(_v440);
							_t1039 = _t891;
							_push(_v432);
							_push(_v332);
							_t892 = E02BCE1F8(0x2bb1498, _v144, __eflags);
							_v64 = _v424;
							_t894 = E02BC00C5(_t1039, _v84, _v416);
							_v56 = _v56 & 0x00000000;
							_v60 = _t1039;
							_v52 = 1;
							_v68 = 2 + _t894 * 2;
							_v48 =  &_v68;
							_t897 = 0x20;
							_v76 = _t897;
							__eflags = E02BB49A4(_v212,  &_v56, _v308,  &_v32, _v400, _v220, _v316,  &_v76, _v72, _t897, _t892, _v408, _v324) - _v204;
							_t929 =  ==  ? 0xbed0fa7 : 0x319c4b5;
							E02BCFECB(_t1039, _v300, _v180, _v188, _v196);
							E02BCFECB(_t892, _v292, _v164, _v172, _v392);
							_t1048 =  &(_t1048[0x18]);
							L17:
							_t1038 = 0x319c4b5;
							goto L15;
						}
						if(_t929 == 0x2e16ae) {
							_push(_v264);
							_push(_v184);
							_push(_v364);
							_t905 = E02BCE1F8(0x2bb1468, _v420, __eflags);
							_push(_v120);
							_push(_v176);
							_push(_v380);
							__eflags = E02BB738A(_v288, _t905, _v232, _v168,  &_v80, E02BCE1F8(0x2bb1318, _v100, __eflags), _v296) - _v112;
							_t929 =  ==  ? 0x45ef02b : 0x45eecb1;
							E02BCFECB(_t905, _v160, _v348, _v412, _v256);
							E02BCFECB(_t906, _v372, _v152, _v404, _v92);
							_t1048 =  &(_t1048[0x11]);
							goto L17;
						}
						if(_t929 == _t1041) {
							_push(_v216);
							_push(_v444);
							_push(_v356);
							_t1045 = E02BCE1F8(0x2bb1438, _v136, __eflags);
							_v44 = _v436;
							_v40 = _v208;
							_v36 = _v96;
							_t918 =  *0x2bd6224; // 0x0
							_t974 =  *0x2bd6224; // 0x0
							_t919 = E02BB50E8( *((intOrPtr*)(_t974 + 0x54)), _v192, _v312, _v272, _v224,  *((intOrPtr*)(_t918 + 0x50)), _v80, _v320, 0x2bb1438, 0x2bb1438,  &_v44, _v200, 0x2bb1438, _v240, _t913);
							_t1052 =  &(_t1048[0x10]);
							__eflags = _t919 - _v248;
							if(_t919 != _v248) {
								_t929 = 0xa3576f8;
							} else {
								_t929 = _t1038;
								_t1046 = 1;
							}
							E02BCFECB(_t1045, _v428, _v88, _v388, _v304);
							_t1048 =  &(_t1052[3]);
							goto L15;
						}
						if(_t929 == _t952) {
							_t925 =  *0x2bd6224; // 0x0
							_push(_t952);
							_push(_t952);
							_t977 = E02BBC5D8( *((intOrPtr*)(_t925 + 0x54)));
							_t1048 =  &(_t1048[3]);
							_t927 =  *0x2bd6224; // 0x0
							__eflags = _t977;
							_t929 =  !=  ? _t1041 : _t1038;
							 *((intOrPtr*)(_t927 + 0x50)) = _t977;
							goto L1;
						}
						if(_t929 != _t1038) {
							goto L26;
						}
						E02BBF7FE(_v344, _v80, _v352, _v228);
						L9:
						return _t1046;
						L26:
						__eflags = _t929 - 0x45eecb1;
					} while (__eflags != 0);
					goto L9;
				}
			}






















































































































































                                                                                                          0x02bb3431
                                                                                                          0x02bb3437
                                                                                                          0x02bb3441
                                                                                                          0x02bb3450
                                                                                                          0x02bb3457
                                                                                                          0x02bb3459
                                                                                                          0x02bb345e
                                                                                                          0x02bb3469
                                                                                                          0x02bb346e
                                                                                                          0x02bb346f
                                                                                                          0x02bb3473
                                                                                                          0x02bb347b
                                                                                                          0x02bb3486
                                                                                                          0x02bb3491
                                                                                                          0x02bb349c
                                                                                                          0x02bb34a4
                                                                                                          0x02bb34a9
                                                                                                          0x02bb34b1
                                                                                                          0x02bb34b6
                                                                                                          0x02bb34be
                                                                                                          0x02bb34c9
                                                                                                          0x02bb34d1
                                                                                                          0x02bb34dc
                                                                                                          0x02bb34e7
                                                                                                          0x02bb34ef
                                                                                                          0x02bb34fa
                                                                                                          0x02bb3505
                                                                                                          0x02bb3510
                                                                                                          0x02bb351b
                                                                                                          0x02bb3526
                                                                                                          0x02bb352e
                                                                                                          0x02bb3539
                                                                                                          0x02bb3544
                                                                                                          0x02bb354f
                                                                                                          0x02bb355a
                                                                                                          0x02bb3565
                                                                                                          0x02bb3570
                                                                                                          0x02bb357b
                                                                                                          0x02bb3586
                                                                                                          0x02bb3591
                                                                                                          0x02bb359c
                                                                                                          0x02bb35a7
                                                                                                          0x02bb35b2
                                                                                                          0x02bb35bd
                                                                                                          0x02bb35c8
                                                                                                          0x02bb35d0
                                                                                                          0x02bb35db
                                                                                                          0x02bb35ef
                                                                                                          0x02bb35f6
                                                                                                          0x02bb35fe
                                                                                                          0x02bb3609
                                                                                                          0x02bb3614
                                                                                                          0x02bb361c
                                                                                                          0x02bb3627
                                                                                                          0x02bb362f
                                                                                                          0x02bb3637
                                                                                                          0x02bb363f
                                                                                                          0x02bb3647
                                                                                                          0x02bb364f
                                                                                                          0x02bb365c
                                                                                                          0x02bb3660
                                                                                                          0x02bb366d
                                                                                                          0x02bb3671
                                                                                                          0x02bb3679
                                                                                                          0x02bb3684
                                                                                                          0x02bb368f
                                                                                                          0x02bb369a
                                                                                                          0x02bb36a5
                                                                                                          0x02bb36af
                                                                                                          0x02bb36ba
                                                                                                          0x02bb36c5
                                                                                                          0x02bb36da
                                                                                                          0x02bb36dd
                                                                                                          0x02bb36e4
                                                                                                          0x02bb36ef
                                                                                                          0x02bb36f7
                                                                                                          0x02bb36ff
                                                                                                          0x02bb3707
                                                                                                          0x02bb370c
                                                                                                          0x02bb3714
                                                                                                          0x02bb371f
                                                                                                          0x02bb372a
                                                                                                          0x02bb3735
                                                                                                          0x02bb374b
                                                                                                          0x02bb3752
                                                                                                          0x02bb375d
                                                                                                          0x02bb3768
                                                                                                          0x02bb3773
                                                                                                          0x02bb377b
                                                                                                          0x02bb3786
                                                                                                          0x02bb3799
                                                                                                          0x02bb379c
                                                                                                          0x02bb37ae
                                                                                                          0x02bb37b5
                                                                                                          0x02bb37c0
                                                                                                          0x02bb37cb
                                                                                                          0x02bb37d6
                                                                                                          0x02bb37de
                                                                                                          0x02bb37e9
                                                                                                          0x02bb37f4
                                                                                                          0x02bb37ff
                                                                                                          0x02bb380a
                                                                                                          0x02bb3812
                                                                                                          0x02bb381e
                                                                                                          0x02bb3821
                                                                                                          0x02bb3825
                                                                                                          0x02bb382a
                                                                                                          0x02bb3832
                                                                                                          0x02bb383a
                                                                                                          0x02bb3842
                                                                                                          0x02bb3847
                                                                                                          0x02bb384f
                                                                                                          0x02bb3857
                                                                                                          0x02bb3862
                                                                                                          0x02bb386d
                                                                                                          0x02bb3878
                                                                                                          0x02bb3883
                                                                                                          0x02bb388b
                                                                                                          0x02bb3890
                                                                                                          0x02bb3895
                                                                                                          0x02bb389d
                                                                                                          0x02bb38a5
                                                                                                          0x02bb38b0
                                                                                                          0x02bb38bb
                                                                                                          0x02bb38c6
                                                                                                          0x02bb38ce
                                                                                                          0x02bb38d6
                                                                                                          0x02bb38de
                                                                                                          0x02bb38e6
                                                                                                          0x02bb38ee
                                                                                                          0x02bb38f9
                                                                                                          0x02bb3904
                                                                                                          0x02bb390f
                                                                                                          0x02bb391a
                                                                                                          0x02bb3922
                                                                                                          0x02bb392f
                                                                                                          0x02bb393e
                                                                                                          0x02bb3941
                                                                                                          0x02bb3945
                                                                                                          0x02bb394d
                                                                                                          0x02bb3955
                                                                                                          0x02bb395d
                                                                                                          0x02bb3965
                                                                                                          0x02bb3975
                                                                                                          0x02bb3979
                                                                                                          0x02bb397e
                                                                                                          0x02bb3986
                                                                                                          0x02bb3991
                                                                                                          0x02bb399c
                                                                                                          0x02bb39a7
                                                                                                          0x02bb39b2
                                                                                                          0x02bb39bd
                                                                                                          0x02bb39c8
                                                                                                          0x02bb39d3
                                                                                                          0x02bb39de
                                                                                                          0x02bb39e9
                                                                                                          0x02bb39f0
                                                                                                          0x02bb39fb
                                                                                                          0x02bb3a03
                                                                                                          0x02bb3a0b
                                                                                                          0x02bb3a13
                                                                                                          0x02bb3a1b
                                                                                                          0x02bb3a23
                                                                                                          0x02bb3a30
                                                                                                          0x02bb3a33
                                                                                                          0x02bb3a3c
                                                                                                          0x02bb3a40
                                                                                                          0x02bb3a48
                                                                                                          0x02bb3a50
                                                                                                          0x02bb3a5b
                                                                                                          0x02bb3a63
                                                                                                          0x02bb3a6e
                                                                                                          0x02bb3a7e
                                                                                                          0x02bb3a82
                                                                                                          0x02bb3a87
                                                                                                          0x02bb3a8f
                                                                                                          0x02bb3a97
                                                                                                          0x02bb3aa2
                                                                                                          0x02bb3aad
                                                                                                          0x02bb3ab8
                                                                                                          0x02bb3ac3
                                                                                                          0x02bb3acb
                                                                                                          0x02bb3ad6
                                                                                                          0x02bb3ae1
                                                                                                          0x02bb3ae9
                                                                                                          0x02bb3af9
                                                                                                          0x02bb3afd
                                                                                                          0x02bb3b02
                                                                                                          0x02bb3b0a
                                                                                                          0x02bb3b1c
                                                                                                          0x02bb3b1f
                                                                                                          0x02bb3b26
                                                                                                          0x02bb3b31
                                                                                                          0x02bb3b3c
                                                                                                          0x02bb3b44
                                                                                                          0x02bb3b51
                                                                                                          0x02bb3b5d
                                                                                                          0x02bb3b62
                                                                                                          0x02bb3b68
                                                                                                          0x02bb3b70
                                                                                                          0x02bb3b83
                                                                                                          0x02bb3b86
                                                                                                          0x02bb3b8d
                                                                                                          0x02bb3b95
                                                                                                          0x02bb3ba0
                                                                                                          0x02bb3bab
                                                                                                          0x02bb3bb6
                                                                                                          0x02bb3bc1
                                                                                                          0x02bb3bcc
                                                                                                          0x02bb3bd7
                                                                                                          0x02bb3be2
                                                                                                          0x02bb3bed
                                                                                                          0x02bb3c03
                                                                                                          0x02bb3c0a
                                                                                                          0x02bb3c15
                                                                                                          0x02bb3c20
                                                                                                          0x02bb3c2b
                                                                                                          0x02bb3c36
                                                                                                          0x02bb3c49
                                                                                                          0x02bb3c4a
                                                                                                          0x02bb3c51
                                                                                                          0x02bb3c59
                                                                                                          0x02bb3c64
                                                                                                          0x02bb3c77
                                                                                                          0x02bb3c7e
                                                                                                          0x02bb3c89
                                                                                                          0x02bb3c94
                                                                                                          0x02bb3c9f
                                                                                                          0x02bb3caa
                                                                                                          0x02bb3cb2
                                                                                                          0x02bb3cba
                                                                                                          0x02bb3cbf
                                                                                                          0x02bb3cc7
                                                                                                          0x02bb3ccf
                                                                                                          0x02bb3cd7
                                                                                                          0x02bb3cdb
                                                                                                          0x02bb3ce0
                                                                                                          0x02bb3ce5
                                                                                                          0x02bb3ced
                                                                                                          0x02bb3cf8
                                                                                                          0x02bb3d03
                                                                                                          0x02bb3d0e
                                                                                                          0x02bb3d1c
                                                                                                          0x02bb3d25
                                                                                                          0x02bb3d29
                                                                                                          0x02bb3d31
                                                                                                          0x02bb3d3c
                                                                                                          0x02bb3d47
                                                                                                          0x02bb3d52
                                                                                                          0x02bb3d5d
                                                                                                          0x02bb3d68
                                                                                                          0x02bb3d73
                                                                                                          0x02bb3d7e
                                                                                                          0x02bb3d89
                                                                                                          0x02bb3d91
                                                                                                          0x02bb3d9c
                                                                                                          0x02bb3da7
                                                                                                          0x02bb3daf
                                                                                                          0x02bb3dba
                                                                                                          0x02bb3dc2
                                                                                                          0x02bb3dca
                                                                                                          0x02bb3dd2
                                                                                                          0x02bb3ddc
                                                                                                          0x02bb3de4
                                                                                                          0x02bb3df9
                                                                                                          0x02bb3dfc
                                                                                                          0x02bb3e03
                                                                                                          0x02bb3e0e
                                                                                                          0x02bb3e19
                                                                                                          0x02bb3e2f
                                                                                                          0x02bb3e36
                                                                                                          0x02bb3e41
                                                                                                          0x02bb3e4c
                                                                                                          0x02bb3e54
                                                                                                          0x02bb3e5f
                                                                                                          0x02bb3e6a
                                                                                                          0x02bb3e7d
                                                                                                          0x02bb3e80
                                                                                                          0x02bb3e87
                                                                                                          0x02bb3e92
                                                                                                          0x02bb3e9d
                                                                                                          0x02bb3eb0
                                                                                                          0x02bb3eb7
                                                                                                          0x02bb3ec2
                                                                                                          0x02bb3ecd
                                                                                                          0x02bb3ee3
                                                                                                          0x02bb3eea
                                                                                                          0x02bb3ef5
                                                                                                          0x02bb3f00
                                                                                                          0x02bb3f08
                                                                                                          0x02bb3f13
                                                                                                          0x02bb3f1e
                                                                                                          0x02bb3f30
                                                                                                          0x02bb3f33
                                                                                                          0x02bb3f3a
                                                                                                          0x02bb3f42
                                                                                                          0x02bb3f4d
                                                                                                          0x02bb3f58
                                                                                                          0x02bb3f60
                                                                                                          0x02bb3f6b
                                                                                                          0x02bb3f7e
                                                                                                          0x02bb3f85
                                                                                                          0x02bb3f90
                                                                                                          0x02bb3f98
                                                                                                          0x02bb3fa0
                                                                                                          0x02bb3fa8
                                                                                                          0x02bb3fb0
                                                                                                          0x02bb3fb8
                                                                                                          0x02bb3fc0
                                                                                                          0x02bb3fcd
                                                                                                          0x02bb3fd1
                                                                                                          0x02bb3fd9
                                                                                                          0x02bb3fe1
                                                                                                          0x02bb3fec
                                                                                                          0x02bb3ff7
                                                                                                          0x02bb4002
                                                                                                          0x02bb400d
                                                                                                          0x02bb4018
                                                                                                          0x02bb4023
                                                                                                          0x02bb402e
                                                                                                          0x02bb4036
                                                                                                          0x02bb403e
                                                                                                          0x02bb4049
                                                                                                          0x02bb4054
                                                                                                          0x02bb405f
                                                                                                          0x02bb406a
                                                                                                          0x02bb4077
                                                                                                          0x02bb4082
                                                                                                          0x02bb408e
                                                                                                          0x02bb4095
                                                                                                          0x02bb409a
                                                                                                          0x02bb40a3
                                                                                                          0x02bb40ae
                                                                                                          0x02bb40b9
                                                                                                          0x02bb40cc
                                                                                                          0x02bb40cf
                                                                                                          0x02bb40d6
                                                                                                          0x02bb40e1
                                                                                                          0x02bb40f4
                                                                                                          0x02bb40fb
                                                                                                          0x02bb4106
                                                                                                          0x02bb4111
                                                                                                          0x02bb4119
                                                                                                          0x02bb4126
                                                                                                          0x02bb412a
                                                                                                          0x02bb412f
                                                                                                          0x02bb4137
                                                                                                          0x02bb4142
                                                                                                          0x02bb414a
                                                                                                          0x02bb4155
                                                                                                          0x02bb4165
                                                                                                          0x02bb4169
                                                                                                          0x02bb416e
                                                                                                          0x02bb4176
                                                                                                          0x02bb417e
                                                                                                          0x02bb4189
                                                                                                          0x02bb4194
                                                                                                          0x02bb419f
                                                                                                          0x02bb41aa
                                                                                                          0x02bb41b2
                                                                                                          0x02bb41b7
                                                                                                          0x02bb41c4
                                                                                                          0x02bb41c5
                                                                                                          0x02bb41c9
                                                                                                          0x02bb41d1
                                                                                                          0x02bb41dc
                                                                                                          0x02bb41e7
                                                                                                          0x02bb41f2
                                                                                                          0x02bb41ff
                                                                                                          0x02bb4209
                                                                                                          0x02bb420d
                                                                                                          0x02bb4212
                                                                                                          0x02bb421a
                                                                                                          0x02bb4222
                                                                                                          0x02bb422a
                                                                                                          0x02bb4232
                                                                                                          0x02bb423a
                                                                                                          0x02bb4242
                                                                                                          0x02bb424a
                                                                                                          0x02bb4252
                                                                                                          0x02bb425a
                                                                                                          0x02bb425f
                                                                                                          0x02bb4267
                                                                                                          0x02bb4267
                                                                                                          0x02bb4267
                                                                                                          0x02bb426c
                                                                                                          0x02bb4271
                                                                                                          0x02bb4271
                                                                                                          0x02bb4276
                                                                                                          0x02bb4276
                                                                                                          0x02bb4276
                                                                                                          0x02bb4276
                                                                                                          0x02bb4278
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb4628
                                                                                                          0x02bb462e
                                                                                                          0x02bb4707
                                                                                                          0x02bb4714
                                                                                                          0x02bb471b
                                                                                                          0x02bb471d
                                                                                                          0x02bb471d
                                                                                                          0x02bb4722
                                                                                                          0x02bb4727
                                                                                                          0x00000000
                                                                                                          0x02bb4727
                                                                                                          0x02bb4634
                                                                                                          0x02bb4636
                                                                                                          0x02bb464e
                                                                                                          0x02bb465a
                                                                                                          0x02bb4661
                                                                                                          0x02bb466c
                                                                                                          0x02bb4690
                                                                                                          0x02bb46c7
                                                                                                          0x02bb46de
                                                                                                          0x02bb46ef
                                                                                                          0x02bb46f4
                                                                                                          0x02bb43ef
                                                                                                          0x02bb43ef
                                                                                                          0x00000000
                                                                                                          0x02bb43ef
                                                                                                          0x02bb4638
                                                                                                          0x02bb463e
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb4644
                                                                                                          0x02bb4644
                                                                                                          0x02bb427e
                                                                                                          0x02bb44d1
                                                                                                          0x02bb44dd
                                                                                                          0x02bb44e1
                                                                                                          0x02bb44ec
                                                                                                          0x02bb44f1
                                                                                                          0x02bb44fa
                                                                                                          0x02bb44fc
                                                                                                          0x02bb4500
                                                                                                          0x02bb450e
                                                                                                          0x02bb4526
                                                                                                          0x02bb452d
                                                                                                          0x02bb4534
                                                                                                          0x02bb4543
                                                                                                          0x02bb4551
                                                                                                          0x02bb455c
                                                                                                          0x02bb456a
                                                                                                          0x02bb4571
                                                                                                          0x02bb4579
                                                                                                          0x02bb45d3
                                                                                                          0x02bb45e3
                                                                                                          0x02bb45fb
                                                                                                          0x02bb461b
                                                                                                          0x02bb4620
                                                                                                          0x02bb44c7
                                                                                                          0x02bb44c7
                                                                                                          0x00000000
                                                                                                          0x02bb44c7
                                                                                                          0x02bb428a
                                                                                                          0x02bb43f9
                                                                                                          0x02bb4405
                                                                                                          0x02bb440c
                                                                                                          0x02bb4414
                                                                                                          0x02bb4419
                                                                                                          0x02bb4427
                                                                                                          0x02bb442e
                                                                                                          0x02bb447a
                                                                                                          0x02bb448e
                                                                                                          0x02bb449f
                                                                                                          0x02bb44bf
                                                                                                          0x02bb44c4
                                                                                                          0x00000000
                                                                                                          0x02bb44c4
                                                                                                          0x02bb4292
                                                                                                          0x02bb4311
                                                                                                          0x02bb431d
                                                                                                          0x02bb4321
                                                                                                          0x02bb4334
                                                                                                          0x02bb433a
                                                                                                          0x02bb4349
                                                                                                          0x02bb435e
                                                                                                          0x02bb437e
                                                                                                          0x02bb43a9
                                                                                                          0x02bb43b2
                                                                                                          0x02bb43b7
                                                                                                          0x02bb43ba
                                                                                                          0x02bb43c1
                                                                                                          0x02bb43ca
                                                                                                          0x02bb43c3
                                                                                                          0x02bb43c5
                                                                                                          0x02bb43c7
                                                                                                          0x02bb43c7
                                                                                                          0x02bb43e7
                                                                                                          0x02bb43ec
                                                                                                          0x00000000
                                                                                                          0x02bb43ec
                                                                                                          0x02bb4296
                                                                                                          0x02bb42e9
                                                                                                          0x02bb42ee
                                                                                                          0x02bb42ef
                                                                                                          0x02bb42f8
                                                                                                          0x02bb42fa
                                                                                                          0x02bb42fd
                                                                                                          0x02bb4302
                                                                                                          0x02bb4306
                                                                                                          0x02bb4309
                                                                                                          0x00000000
                                                                                                          0x02bb4309
                                                                                                          0x02bb429a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb42b9
                                                                                                          0x02bb42c2
                                                                                                          0x02bb42cc
                                                                                                          0x02bb472c
                                                                                                          0x02bb472c
                                                                                                          0x02bb472c
                                                                                                          0x00000000
                                                                                                          0x02bb4738

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !Sw$)<L$Et$L$R$T9$Vdd$_EBM$sv$zj$J'$c${
                                                                                                          • API String ID: 0-2179300830
                                                                                                          • Opcode ID: 918a06432655f9e0ee93988875e40f80e4cc6fccb8385c724795c463603f9134
                                                                                                          • Instruction ID: 7791b49761cca8138410e585d71274f6910914d956963adeefdb45fff3eee62f
                                                                                                          • Opcode Fuzzy Hash: 918a06432655f9e0ee93988875e40f80e4cc6fccb8385c724795c463603f9134
                                                                                                          • Instruction Fuzzy Hash: 2A92ED715093819FD3B9CF25C98AB9FBBE2BBC5304F10891DE1DA96260D7B18949CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC67E6, Relevance: 17.0, Strings: 13, Instructions: 728COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 549 2bc67e6-2bc750a call 2bcfe29 552 2bc7511 549->552 553 2bc7516 552->553 554 2bc751a-2bc7520 553->554 555 2bc76b5-2bc76b7 554->555 556 2bc7526 554->556 559 2bc76bd-2bc76c3 555->559 560 2bc7772-2bc7775 555->560 557 2bc752c-2bc7532 556->557 558 2bc76ab-2bc76b0 556->558 561 2bc7538-2bc753e 557->561 562 2bc768b-2bc76a6 call 2bb4bfc 557->562 558->554 565 2bc7749-2bc776d call 2bbef0c 559->565 566 2bc76c9-2bc76cf 559->566 563 2bc77a6 560->563 564 2bc7777-2bc77a4 call 2bce1f8 560->564 567 2bc762a-2bc7686 call 2bbdda9 call 2bd2b09 561->567 568 2bc7544-2bc754a 561->568 593 2bc75fc-2bc7603 562->593 574 2bc77ad-2bc77ef 563->574 564->574 565->593 572 2bc792e-2bc7944 call 2bce358 566->572 573 2bc76d5-2bc76db 566->573 613 2bc7915-2bc791c 567->613 577 2bc7608-2bc7628 call 2bce358 568->577 578 2bc7550-2bc7556 568->578 599 2bc7945-2bc7951 572->599 582 2bc76dd-2bc76e3 573->582 583 2bc76f3-2bc76f7 573->583 584 2bc77f7-2bc7862 call 2bb4a88 call 2bcfecb 574->584 585 2bc77f1 574->585 605 2bc75fa-2bc75fb 577->605 591 2bc755c-2bc7563 578->591 592 2bc75dd-2bc75f5 call 2bce358 578->592 595 2bc76e9-2bc76ee 582->595 596 2bc7921-2bc7927 582->596 586 2bc76f9-2bc7703 583->586 587 2bc7705 583->587 615 2bc7868-2bc789c call 2bd3e0e 584->615 616 2bc7910 584->616 585->584 600 2bc7707-2bc7744 call 2bd10dc 586->600 587->600 591->596 603 2bc7569-2bc75d8 call 2bbed66 591->603 592->605 593->552 595->554 598 2bc7929 596->598 596->599 598->553 600->593 603->554 605->593 613->596 619 2bc789e-2bc7903 call 2bcc8cf call 2bd3e0e 615->619 620 2bc7906-2bc790b 615->620 616->613 619->620 620->593
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02BC67E6(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24, signed int* _a28, signed int _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48) {
				intOrPtr _v4;
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _t846;
				intOrPtr _t847;
				signed int _t861;
				void* _t866;
				signed int _t867;
				signed int _t874;
				signed int* _t876;
				signed int _t885;
				void* _t937;
				signed int _t946;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				signed int _t968;
				signed int _t969;
				signed int _t970;
				signed int _t971;
				signed int _t972;
				signed int _t973;
				signed int _t974;
				signed int _t975;
				signed int _t976;
				signed int _t978;
				signed int _t980;
				signed int _t985;
				signed int _t986;
				signed int* _t989;
				void* _t991;

				_t876 = _a28;
				_push(_a48);
				_push(_a44);
				_v4 = __ecx;
				_push(_a40);
				_push(_a36);
				_push(_a32);
				_push(_t876);
				_push(_a24);
				_push(_a20 & 0x0000ffff);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_a20 & 0x0000ffff);
				_v304 = 0x84e682;
				_t989 =  &(( &_v304)[0xe]);
				_v304 = _v304 + 0xeb1b;
				_v304 = _v304 ^ 0x0f7f391c;
				_v304 = _v304 ^ 0x0ffae881;
				_t874 = 0;
				_v80 = 0xd03450;
				_t978 = 0x7e00160;
				_v80 = _v80 + 0x474c;
				_v80 = _v80 ^ 0x00d07b8f;
				_v40 = 0x62fb41;
				_v40 = _v40 ^ 0x58566629;
				_v40 = _v40 ^ 0x58349da0;
				_v56 = 0xe1b746;
				_v56 = _v56 + 0x8be3;
				_v56 = _v56 ^ 0x00e2c329;
				_v32 = 0xe6e4c5;
				_v32 = _v32 + 0xfb3f;
				_v32 = _v32 ^ 0x00e7a004;
				_v164 = 0x3535e2;
				_v164 = _v164 + 0xb15e;
				_v164 = _v164 + 0xffff4c2e;
				_v164 = _v164 ^ 0x0075336e;
				_v256 = 0xe056c0;
				_v256 = _v256 >> 0xf;
				_v12 = 0;
				_t960 = 0xf;
				_v256 = _v256 / _t960;
				_t961 = 0x75;
				_v256 = _v256 / _t961;
				_v256 = _v256 ^ 0x00040000;
				_v64 = 0xc12004;
				_v64 = _v64 | 0x05a7924d;
				_v64 = _v64 ^ 0x01e7b24d;
				_v200 = 0x3d9b4;
				_v200 = _v200 + 0xffffba05;
				_t962 = 0x4d;
				_push("true");
				_v200 = _v200 / _t962;
				_v200 = _v200 >> 0xa;
				_v200 = _v200 ^ 0x00080002;
				_v264 = 0xdbb33c;
				_pop(_t963);
				_v264 = _v264 / _t963;
				_v264 = _v264 ^ 0x3bde5a68;
				_t964 = 0x74;
				_v264 = _v264 * 0x67;
				_v264 = _v264 ^ 0x14497559;
				_v172 = 0x2a3d0;
				_v172 = _v172 + 0xffff520a;
				_v172 = _v172 + 0xffffc196;
				_v172 = _v172 ^ 0x0001b670;
				_v16 = 0x40a0dc;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 ^ 0x8000040a;
				_v280 = 0x3a90ef;
				_v280 = _v280 + 0xfffff29b;
				_v280 = _v280 + 0xd15d;
				_v280 = _v280 + 0xffff2fb1;
				_v280 = _v280 ^ 0x003a8498;
				_v276 = 0x2b48bd;
				_v276 = _v276 * 0x59;
				_v276 = _v276 | 0x0b3e9c0e;
				_v276 = _v276 + 0x2f0e;
				_v276 = _v276 ^ 0x0f3f0c8c;
				_v244 = 0xf133cf;
				_v244 = _v244 * 0x50;
				_v244 = _v244 >> 0xe;
				_v244 = _v244 >> 2;
				_v244 = _v244 ^ 0x00004b7f;
				_v220 = 0x48bde3;
				_v220 = _v220 * 7;
				_v220 = _v220 << 3;
				_v220 = _v220 << 7;
				_v220 = _v220 ^ 0xf4c4d41f;
				_v152 = 0xdfcbbb;
				_v152 = _v152 / _t964;
				_v152 = _v152 ^ 0x15954f38;
				_v152 = _v152 ^ 0x1594a2df;
				_v236 = 0x79b2d;
				_v236 = _v236 + 0xffffa56f;
				_v236 = _v236 >> 0xc;
				_v236 = _v236 + 0xffff51ce;
				_v236 = _v236 ^ 0xffff5342;
				_v300 = 0x53b7c5;
				_v300 = _v300 | 0xbc55bbc8;
				_v300 = _v300 >> 0xb;
				_v300 = _v300 * 0x4a;
				_v300 = _v300 ^ 0x06ca0610;
				_v300 = 0x831a37;
				_v300 = _v300 >> 0xa;
				_v300 = _v300 ^ 0xf07c3cef;
				_v300 = _v300 >> 2;
				_v300 = _v300 ^ 0x3c15b978;
				_v296 = 0xbc94b;
				_v296 = _v296 ^ 0xc913797f;
				_v296 = _v296 ^ 0xc91ffb85;
				_v304 = 0xeb47f;
				_v304 = _v304 * 0x21;
				_v304 = _v304 >> 9;
				_v304 = _v304 ^ 0x00079d5b;
				_v296 = 0x863d92;
				_v296 = _v296 | 0xc3fe325e;
				_v296 = _v296 ^ 0xc3f15d89;
				_v304 = 0x8c9292;
				_v304 = _v304 * 0x65;
				_v304 = _v304 * 0x2f;
				_v304 = _v304 ^ 0x2ea0d0e4;
				_v296 = 0x7998c8;
				_v296 = _v296 * 0x1f;
				_v296 = _v296 ^ 0x0ebe6fc9;
				_v304 = 0xc13eda;
				_v304 = _v304 + 0x239b;
				_v304 = _v304 | 0x8aa80eb1;
				_v304 = _v304 ^ 0x8ae5aa52;
				_v304 = 0x2ac635;
				_t965 = 3;
				_v304 = _v304 * 0x1a;
				_v304 = _v304 | 0xa2ccc89a;
				_v304 = _v304 ^ 0xa6da26ac;
				_v296 = 0xd161a;
				_v296 = _v296 >> 0xb;
				_v296 = _v296 ^ 0x00086437;
				_v300 = 0xc8d906;
				_v300 = _v300 << 5;
				_v300 = _v300 / _t965;
				_v300 = _v300 | 0xd3e5db7e;
				_v300 = _v300 ^ 0xdbffc0c3;
				_v304 = 0xa90eaa;
				_t966 = 0x62;
				_v304 = _v304 / _t966;
				_v304 = _v304 ^ 0xa321830c;
				_v304 = _v304 ^ 0xa32eb72c;
				_v296 = 0xc9c90e;
				_v296 = _v296 ^ 0x29ac5136;
				_v296 = _v296 ^ 0x296c2187;
				_v168 = 0xb8ba74;
				_v168 = _v168 >> 0xb;
				_v168 = _v168 | 0xd39b7801;
				_v168 = _v168 ^ 0xd39a1a13;
				_v240 = 0xce03d4;
				_v240 = _v240 + 0xffff6ba1;
				_v240 = _v240 + 0xffff3730;
				_t967 = 0x7e;
				_v240 = _v240 / _t967;
				_v240 = _v240 ^ 0x00015c8a;
				_v144 = 0x76dd98;
				_v144 = _v144 << 0xa;
				_t968 = 0xb;
				_v144 = _v144 / _t968;
				_v144 = _v144 ^ 0x13f9c089;
				_v88 = 0xd6758c;
				_t969 = 0x7c;
				_v88 = _v88 * 0x7d;
				_v88 = _v88 ^ 0x68b07bf0;
				_v112 = 0x136ce2;
				_v112 = _v112 * 0x7a;
				_v112 = _v112 ^ 0x094e8b6c;
				_v160 = 0xc781f4;
				_v160 = _v160 + 0x7b6;
				_v160 = _v160 ^ 0xd2a6870e;
				_v160 = _v160 ^ 0xd267b3cc;
				_v216 = 0x3cec52;
				_v216 = _v216 / _t969;
				_v216 = _v216 + 0xe7c2;
				_v216 = _v216 + 0x185f;
				_v216 = _v216 ^ 0x00083478;
				_v128 = 0xe8ace2;
				_v128 = _v128 + 0xffff5a4b;
				_v128 = _v128 >> 5;
				_v128 = _v128 ^ 0x00080537;
				_v20 = 0xba5f1f;
				_t970 = 0x28;
				_v20 = _v20 / _t970;
				_v20 = _v20 ^ 0x00097bc9;
				_v184 = 0x868bed;
				_v184 = _v184 ^ 0x5d9bbcc4;
				_t971 = 0x15;
				_t985 = 0x61;
				_v184 = _v184 * 0x7e;
				_v184 = _v184 ^ 0xd4635941;
				_v248 = 0xc6bb26;
				_v248 = _v248 + 0x4226;
				_v248 = _v248 + 0x1eaa;
				_v248 = _v248 + 0x143f;
				_v248 = _v248 ^ 0x00cd4d4f;
				_v124 = 0x1449aa;
				_v124 = _v124 >> 7;
				_v124 = _v124 + 0xffff4698;
				_v124 = _v124 ^ 0xfffccf45;
				_v204 = 0xd9ae2a;
				_v204 = _v204 * 0x25;
				_v204 = _v204 | 0x41acc33e;
				_v204 = _v204 + 0xe9b9;
				_v204 = _v204 ^ 0x5ff1a5de;
				_v104 = 0x27630a;
				_v104 = _v104 | 0x34992b3f;
				_v104 = _v104 ^ 0x34bda39f;
				_v28 = 0xa04064;
				_v28 = _v28 | 0x72e9e7d8;
				_v28 = _v28 ^ 0x72e1f0ab;
				_v48 = 0xc4ba01;
				_v48 = _v48 << 7;
				_v48 = _v48 ^ 0x6259539c;
				_v180 = 0x3340f4;
				_v180 = _v180 | 0x3035b2e2;
				_v180 = _v180 << 9;
				_v180 = _v180 ^ 0x6feb3ded;
				_v232 = 0x2e047a;
				_v232 = _v232 >> 0xa;
				_v232 = _v232 * 0x12;
				_v232 = _v232 / _t971;
				_v232 = _v232 ^ 0x0002c217;
				_v72 = 0x299f12;
				_v72 = _v72 << 3;
				_v72 = _v72 ^ 0x0148e07c;
				_v188 = 0xf414db;
				_v188 = _v188 << 0x10;
				_v188 = _v188 / _t985;
				_v188 = _v188 ^ 0x003bf194;
				_v156 = 0xc18fa7;
				_t986 = 0x6b;
				_v156 = _v156 / _t986;
				_t972 = 0xc;
				_v156 = _v156 / _t972;
				_v156 = _v156 ^ 0x0009860f;
				_v208 = 0xbb24e8;
				_v208 = _v208 + 0xd4bb;
				_v208 = _v208 + 0xffffec33;
				_t973 = 0x26;
				_v208 = _v208 / _t973;
				_v208 = _v208 ^ 0x000d494f;
				_v92 = 0xf4dbce;
				_v92 = _v92 + 0x5ee7;
				_v92 = _v92 ^ 0x00f22c8f;
				_v100 = 0x7239d1;
				_v100 = _v100 | 0x01f5add3;
				_v100 = _v100 ^ 0x01f71b27;
				_v292 = 0x4b72c4;
				_t974 = 0x61;
				_v292 = _v292 * 0xb;
				_v292 = _v292 + 0xfffff18f;
				_v292 = _v292 * 0xc;
				_v292 = _v292 ^ 0x26e66304;
				_v224 = 0xeae701;
				_v224 = _v224 << 1;
				_v224 = _v224 << 6;
				_v224 = _v224 | 0xd938d457;
				_v224 = _v224 ^ 0xfd70504c;
				_v108 = 0xa91a4c;
				_v108 = _v108 << 2;
				_v108 = _v108 ^ 0x02a24d10;
				_v68 = 0x46e95;
				_v68 = _v68 ^ 0x636abfcf;
				_v68 = _v68 ^ 0x636edf46;
				_v76 = 0x93e843;
				_v76 = _v76 | 0xba39a6db;
				_v76 = _v76 ^ 0xbaba9d8f;
				_v84 = 0xd50ea2;
				_v84 = _v84 | 0x50ec9d25;
				_v84 = _v84 ^ 0x50f8ba70;
				_v288 = 0x52484f;
				_v288 = _v288 + 0xb430;
				_v288 = _v288 * 0x4c;
				_v288 = _v288 >> 0xb;
				_v288 = _v288 ^ 0x000d4af8;
				_v284 = 0x2da3fa;
				_v284 = _v284 | 0xb3c63afe;
				_v284 = _v284 ^ 0xfce0d7d7;
				_v284 = _v284 + 0xffff4c41;
				_v284 = _v284 ^ 0x4f0e5b87;
				_v52 = 0xe252ad;
				_v52 = _v52 | 0x3c4f00b6;
				_v52 = _v52 ^ 0x3cecbbb2;
				_v60 = 0xab577e;
				_v60 = _v60 << 7;
				_v60 = _v60 ^ 0x55a8aa1a;
				_v148 = 0x5c065f;
				_v148 = _v148 << 0x10;
				_v148 = _v148 / _t986;
				_v148 = _v148 ^ 0x00079968;
				_v252 = 0xfb0d10;
				_v252 = _v252 / _t974;
				_v252 = _v252 << 0x10;
				_v252 = _v252 ^ 0x25f2b671;
				_v252 = _v252 ^ 0xb36c8d69;
				_v260 = 0x776100;
				_v260 = _v260 >> 0x10;
				_v260 = _v260 | 0xe8d0a90c;
				_v260 = _v260 * 0x14;
				_v260 = _v260 ^ 0x304a111f;
				_v268 = 0x4079f3;
				_v268 = _v268 >> 4;
				_t975 = 0x4f;
				_v268 = _v268 * 0x5f;
				_v268 = _v268 + 0x21c5;
				_v268 = _v268 ^ 0x017b7447;
				_v44 = 0x101fed;
				_v44 = _v44 ^ 0x1e85c214;
				_v44 = _v44 ^ 0x1e9d5cc7;
				_v140 = 0xb56248;
				_v140 = _v140 >> 0xb;
				_v140 = _v140 ^ 0xb0648700;
				_v140 = _v140 ^ 0xb06b52ff;
				_v228 = 0x5d2032;
				_v228 = _v228 + 0xe696;
				_v228 = _v228 + 0x90e;
				_v228 = _v228 << 6;
				_v228 = _v228 ^ 0x178d1a7f;
				_v192 = 0x46faa8;
				_v192 = _v192 / _t975;
				_v192 = _v192 + 0x59ff;
				_v192 = _v192 ^ 0x00002efb;
				_v272 = 0x13fbcb;
				_v272 = _v272 + 0xffff66dd;
				_v272 = _v272 * 0x5d;
				_v272 = _v272 + 0xffff70cc;
				_v272 = _v272 ^ 0x070467b9;
				_v136 = 0xda75c;
				_v136 = _v136 << 0xe;
				_v136 = _v136 << 8;
				_v136 = _v136 ^ 0xd703a46a;
				_v24 = 0x98e6;
				_v24 = _v24 | 0x30837cf6;
				_v24 = _v24 ^ 0x308cf6e6;
				_v196 = 0x2348e5;
				_v196 = _v196 + 0xec0b;
				_v196 = _v196 + 0xffff4f76;
				_v196 = _v196 + 0xffff4b3e;
				_v196 = _v196 ^ 0x002962b3;
				_v176 = 0x7bcaf7;
				_v176 = _v176 * 0x37;
				_v176 = _v176 << 4;
				_v176 = _v176 ^ 0xa986161e;
				_v120 = 0x3fa34;
				_v120 = _v120 * 0x49;
				_v120 = _v120 >> 7;
				_v120 = _v120 ^ 0x00066829;
				_v116 = 0x9c5c94;
				_v116 = _v116 + 0x20fd;
				_v116 = _v116 >> 2;
				_v116 = _v116 ^ 0x0025da20;
				_v212 = 0x6b8402;
				_v212 = _v212 + 0x9bc6;
				_v212 = _v212 * 0x74;
				_v212 = _v212 + 0xe621;
				_v212 = _v212 ^ 0x30fe6560;
				_v96 = 0xbe9741;
				_v96 = _v96 + 0xffffd77c;
				_v96 = _v96 ^ 0x00bbad9c;
				_v304 = 0xe465cf;
				_v304 = _v304 >> 4;
				_v304 = _v304 << 5;
				_v304 = _v304 ^ 0x01c3ad6d;
				_v296 = 0xc47264;
				_v296 = _v296 << 0xc;
				_v296 = _v296 ^ 0x4720cdbf;
				_v132 = 0x7ca780;
				_v132 = _v132 + 0xa093;
				_v132 = _v132 << 7;
				_v132 = _v132 ^ 0x3ea11d20;
				_t976 = _v8;
				_t987 = _v8;
				while(1) {
					L1:
					_t937 = 0xd154a5a;
					while(1) {
						_t846 = _v300;
						while(1) {
							L3:
							_t991 = _t978 - 0x7e00160;
							if(_t991 > 0) {
								break;
							}
							if(_t991 == 0) {
								_t978 = 0xfd2ad77;
								continue;
							} else {
								if(_t978 == 0x1a1d1c) {
									__eflags = E02BB4BFC(_t976, _a16);
									_t978 = 0x6a5d586;
									_t866 = 1;
									_t874 =  !=  ? _t866 : _t874;
									goto L13;
								} else {
									if(_t978 == 0x352276a) {
										_t867 = E02BBDDA9(_v168, _t876, _v280, _t876, _v240, _v144, _t876, _v88, _v112);
										_t987 = _t867;
										__eflags = _t867;
										_t978 =  !=  ? 0x6fee97d : 0xb1727d5;
										E02BD2B09(_v160, 0, _v216, _v128);
										_t989 =  &(_t989[0xa]);
										L39:
										_t876 = _a28;
										_t937 = 0xd154a5a;
										goto L40;
									} else {
										if(_t978 == 0x6a5d586) {
											E02BCE358(_v196, _v176, _t976, _v120);
											_t978 = 0x6d75a8e;
											goto L12;
										} else {
											if(_t978 == 0x6d75a8e) {
												E02BCE358(_v116, _v212, _t846, _v96);
												_t978 = 0xedc04fb;
												L12:
												L13:
												_t876 = _a28;
												goto L1;
											} else {
												if(_t978 != 0x6fee97d) {
													L40:
													__eflags = _t978 - 0xb1727d5;
													if(_t978 != 0xb1727d5) {
														_t846 = _v300;
														continue;
													}
												} else {
													_t846 = E02BBED66(_v20, _v184, _t987, _v248, _v124, _v152, _v204, _a40, _t876, _v104, _a20, _t876, _v28, _v48);
													_t876 = _a28;
													_t989 =  &(_t989[0xe]);
													_v300 = _t846;
													_t937 = 0xd154a5a;
													_t978 =  !=  ? 0xd154a5a : 0xedc04fb;
													continue;
												}
											}
										}
									}
								}
							}
							L43:
							return _t874;
						}
						__eflags = _t978 - _t937;
						if(_t978 == _t937) {
							__eflags =  *_t876;
							if(__eflags == 0) {
								_t847 = _v12;
							} else {
								_push(_v188);
								_push(_v72);
								_push(_v232);
								_t847 = E02BCE1F8(0x2bb1a0c, _v180, __eflags);
								_t989 =  &(_t989[3]);
								_v12 = _t847;
							}
							_t946 = _v16 | _v172 | _v264 | _v200 | _v64 | _v256 | _v164 | _v32 | _v56;
							_t980 = _a32 & 1;
							__eflags = _t980;
							if(_t980 != 0) {
								__eflags = _t946;
							}
							_t976 = E02BB4A88(1, _t946, _a48, _v156, 1, _t847, 1, _v208, _v92, _v300, _v100, _v292, _v224, 1, _v108);
							E02BCFECB(_v12, _v68, _v76, _v84, _v288);
							_t989 =  &(_t989[0x10]);
							__eflags = _t976;
							if(_t976 == 0) {
								_t978 = 0x6d75a8e;
								goto L39;
							} else {
								_v36 = 1;
								E02BD3E0E(_v276,  &_v36, _v284, _v52, _v60, 4, _t976);
								_t989 =  &(_t989[5]);
								__eflags = _t980;
								if(_t980 != 0) {
									E02BCC8CF( &_v36, _t976,  &_v8, _v148, _v244, _v252, _v260, _v268);
									_t769 =  &_v36;
									 *_t769 = _v36 | _v236;
									__eflags =  *_t769;
									E02BD3E0E(_v220,  &_v36, _v44, _v140, _v228, _v8, _t976);
									_t989 =  &(_t989[0xb]);
								}
								_t978 = 0xf81d281;
								goto L13;
							}
						} else {
							__eflags = _t978 - 0xdd5f83a;
							if(__eflags == 0) {
								__eflags = E02BBEF0C(_t976, _v80, __eflags) - _v40;
								_t978 =  ==  ? 0x1a1d1c : 0x6a5d586;
								goto L13;
							} else {
								__eflags = _t978 - 0xedc04fb;
								if(_t978 == 0xedc04fb) {
									E02BCE358(_v304, _v296, _t987, _v132);
								} else {
									__eflags = _t978 - 0xf81d281;
									if(_t978 == 0xf81d281) {
										_t885 =  *_t876;
										__eflags = _t885;
										if(_t885 == 0) {
											_t861 = 0;
											__eflags = 0;
										} else {
											_t861 = _a28[1];
										}
										_push(_t885);
										E02BD10DC(_t976, _v192, _v4, _t885, _v272, _v136, _v24, _t861);
										_t989 =  &(_t989[7]);
										asm("sbb esi, esi");
										_t978 = (_t978 & 0x073022b4) + 0x6a5d586;
										goto L13;
									} else {
										__eflags = _t978 - 0xfd2ad77;
										if(_t978 != 0xfd2ad77) {
											goto L40;
										} else {
											_t978 = 0x352276a;
											goto L3;
										}
									}
								}
							}
						}
						goto L43;
					}
				}
			}
















































































































                                                                                                          0x02bc67f8
                                                                                                          0x02bc6800
                                                                                                          0x02bc680a
                                                                                                          0x02bc6811
                                                                                                          0x02bc6818
                                                                                                          0x02bc681f
                                                                                                          0x02bc6826
                                                                                                          0x02bc682d
                                                                                                          0x02bc682e
                                                                                                          0x02bc6835
                                                                                                          0x02bc6836
                                                                                                          0x02bc683d
                                                                                                          0x02bc6844
                                                                                                          0x02bc684b
                                                                                                          0x02bc6852
                                                                                                          0x02bc6853
                                                                                                          0x02bc6854
                                                                                                          0x02bc6859
                                                                                                          0x02bc6861
                                                                                                          0x02bc6864
                                                                                                          0x02bc686e
                                                                                                          0x02bc6878
                                                                                                          0x02bc6880
                                                                                                          0x02bc6882
                                                                                                          0x02bc688d
                                                                                                          0x02bc6892
                                                                                                          0x02bc689d
                                                                                                          0x02bc68a8
                                                                                                          0x02bc68b3
                                                                                                          0x02bc68be
                                                                                                          0x02bc68c9
                                                                                                          0x02bc68d4
                                                                                                          0x02bc68df
                                                                                                          0x02bc68ea
                                                                                                          0x02bc68f5
                                                                                                          0x02bc6900
                                                                                                          0x02bc690b
                                                                                                          0x02bc6916
                                                                                                          0x02bc6921
                                                                                                          0x02bc692c
                                                                                                          0x02bc6937
                                                                                                          0x02bc693f
                                                                                                          0x02bc6944
                                                                                                          0x02bc6951
                                                                                                          0x02bc6956
                                                                                                          0x02bc6960
                                                                                                          0x02bc6965
                                                                                                          0x02bc696b
                                                                                                          0x02bc6973
                                                                                                          0x02bc697e
                                                                                                          0x02bc6989
                                                                                                          0x02bc6994
                                                                                                          0x02bc699c
                                                                                                          0x02bc69a8
                                                                                                          0x02bc69ab
                                                                                                          0x02bc69ad
                                                                                                          0x02bc69b1
                                                                                                          0x02bc69b6
                                                                                                          0x02bc69c0
                                                                                                          0x02bc69cc
                                                                                                          0x02bc69d1
                                                                                                          0x02bc69d7
                                                                                                          0x02bc69e4
                                                                                                          0x02bc69e5
                                                                                                          0x02bc69e9
                                                                                                          0x02bc69f1
                                                                                                          0x02bc69fc
                                                                                                          0x02bc6a07
                                                                                                          0x02bc6a12
                                                                                                          0x02bc6a1d
                                                                                                          0x02bc6a28
                                                                                                          0x02bc6a30
                                                                                                          0x02bc6a3b
                                                                                                          0x02bc6a43
                                                                                                          0x02bc6a4b
                                                                                                          0x02bc6a53
                                                                                                          0x02bc6a5b
                                                                                                          0x02bc6a63
                                                                                                          0x02bc6a70
                                                                                                          0x02bc6a74
                                                                                                          0x02bc6a7c
                                                                                                          0x02bc6a84
                                                                                                          0x02bc6a8c
                                                                                                          0x02bc6a99
                                                                                                          0x02bc6a9d
                                                                                                          0x02bc6aa2
                                                                                                          0x02bc6aa7
                                                                                                          0x02bc6aaf
                                                                                                          0x02bc6abc
                                                                                                          0x02bc6ac0
                                                                                                          0x02bc6ac5
                                                                                                          0x02bc6aca
                                                                                                          0x02bc6ad2
                                                                                                          0x02bc6ae6
                                                                                                          0x02bc6aed
                                                                                                          0x02bc6af8
                                                                                                          0x02bc6b03
                                                                                                          0x02bc6b0b
                                                                                                          0x02bc6b13
                                                                                                          0x02bc6b18
                                                                                                          0x02bc6b20
                                                                                                          0x02bc6b28
                                                                                                          0x02bc6b30
                                                                                                          0x02bc6b38
                                                                                                          0x02bc6b42
                                                                                                          0x02bc6b46
                                                                                                          0x02bc6b4e
                                                                                                          0x02bc6b56
                                                                                                          0x02bc6b5b
                                                                                                          0x02bc6b63
                                                                                                          0x02bc6b68
                                                                                                          0x02bc6b70
                                                                                                          0x02bc6b78
                                                                                                          0x02bc6b80
                                                                                                          0x02bc6b88
                                                                                                          0x02bc6b95
                                                                                                          0x02bc6b99
                                                                                                          0x02bc6b9e
                                                                                                          0x02bc6ba6
                                                                                                          0x02bc6bae
                                                                                                          0x02bc6bb6
                                                                                                          0x02bc6bbe
                                                                                                          0x02bc6bcb
                                                                                                          0x02bc6bd4
                                                                                                          0x02bc6bd8
                                                                                                          0x02bc6be0
                                                                                                          0x02bc6bed
                                                                                                          0x02bc6bf3
                                                                                                          0x02bc6bfb
                                                                                                          0x02bc6c03
                                                                                                          0x02bc6c0b
                                                                                                          0x02bc6c13
                                                                                                          0x02bc6c1b
                                                                                                          0x02bc6c2a
                                                                                                          0x02bc6c2d
                                                                                                          0x02bc6c31
                                                                                                          0x02bc6c39
                                                                                                          0x02bc6c41
                                                                                                          0x02bc6c49
                                                                                                          0x02bc6c4e
                                                                                                          0x02bc6c56
                                                                                                          0x02bc6c5e
                                                                                                          0x02bc6c6b
                                                                                                          0x02bc6c6f
                                                                                                          0x02bc6c77
                                                                                                          0x02bc6c7f
                                                                                                          0x02bc6c8b
                                                                                                          0x02bc6c90
                                                                                                          0x02bc6c96
                                                                                                          0x02bc6c9e
                                                                                                          0x02bc6ca6
                                                                                                          0x02bc6cae
                                                                                                          0x02bc6cb6
                                                                                                          0x02bc6cbe
                                                                                                          0x02bc6cc9
                                                                                                          0x02bc6cd1
                                                                                                          0x02bc6cdc
                                                                                                          0x02bc6ce7
                                                                                                          0x02bc6cef
                                                                                                          0x02bc6cf7
                                                                                                          0x02bc6d03
                                                                                                          0x02bc6d08
                                                                                                          0x02bc6d0e
                                                                                                          0x02bc6d16
                                                                                                          0x02bc6d21
                                                                                                          0x02bc6d30
                                                                                                          0x02bc6d35
                                                                                                          0x02bc6d3e
                                                                                                          0x02bc6d49
                                                                                                          0x02bc6d5c
                                                                                                          0x02bc6d5d
                                                                                                          0x02bc6d64
                                                                                                          0x02bc6d6f
                                                                                                          0x02bc6d82
                                                                                                          0x02bc6d89
                                                                                                          0x02bc6d94
                                                                                                          0x02bc6d9f
                                                                                                          0x02bc6daa
                                                                                                          0x02bc6db5
                                                                                                          0x02bc6dc0
                                                                                                          0x02bc6dce
                                                                                                          0x02bc6dd2
                                                                                                          0x02bc6dda
                                                                                                          0x02bc6de2
                                                                                                          0x02bc6dea
                                                                                                          0x02bc6df7
                                                                                                          0x02bc6e02
                                                                                                          0x02bc6e0a
                                                                                                          0x02bc6e15
                                                                                                          0x02bc6e29
                                                                                                          0x02bc6e2e
                                                                                                          0x02bc6e37
                                                                                                          0x02bc6e42
                                                                                                          0x02bc6e4d
                                                                                                          0x02bc6e60
                                                                                                          0x02bc6e63
                                                                                                          0x02bc6e66
                                                                                                          0x02bc6e6d
                                                                                                          0x02bc6e78
                                                                                                          0x02bc6e80
                                                                                                          0x02bc6e88
                                                                                                          0x02bc6e90
                                                                                                          0x02bc6e98
                                                                                                          0x02bc6ea0
                                                                                                          0x02bc6eab
                                                                                                          0x02bc6eb3
                                                                                                          0x02bc6ebe
                                                                                                          0x02bc6ec9
                                                                                                          0x02bc6ed6
                                                                                                          0x02bc6eda
                                                                                                          0x02bc6ee2
                                                                                                          0x02bc6eea
                                                                                                          0x02bc6ef2
                                                                                                          0x02bc6efd
                                                                                                          0x02bc6f08
                                                                                                          0x02bc6f13
                                                                                                          0x02bc6f1e
                                                                                                          0x02bc6f29
                                                                                                          0x02bc6f34
                                                                                                          0x02bc6f3f
                                                                                                          0x02bc6f47
                                                                                                          0x02bc6f52
                                                                                                          0x02bc6f5d
                                                                                                          0x02bc6f68
                                                                                                          0x02bc6f70
                                                                                                          0x02bc6f7b
                                                                                                          0x02bc6f83
                                                                                                          0x02bc6f8d
                                                                                                          0x02bc6f99
                                                                                                          0x02bc6f9d
                                                                                                          0x02bc6fa5
                                                                                                          0x02bc6fb0
                                                                                                          0x02bc6fb8
                                                                                                          0x02bc6fc3
                                                                                                          0x02bc6fce
                                                                                                          0x02bc6fe1
                                                                                                          0x02bc6fe8
                                                                                                          0x02bc6ff3
                                                                                                          0x02bc7005
                                                                                                          0x02bc700a
                                                                                                          0x02bc701a
                                                                                                          0x02bc701d
                                                                                                          0x02bc7024
                                                                                                          0x02bc7031
                                                                                                          0x02bc7039
                                                                                                          0x02bc7041
                                                                                                          0x02bc704f
                                                                                                          0x02bc7054
                                                                                                          0x02bc7058
                                                                                                          0x02bc7060
                                                                                                          0x02bc706b
                                                                                                          0x02bc7076
                                                                                                          0x02bc7081
                                                                                                          0x02bc708c
                                                                                                          0x02bc7097
                                                                                                          0x02bc70a2
                                                                                                          0x02bc70b1
                                                                                                          0x02bc70b2
                                                                                                          0x02bc70b6
                                                                                                          0x02bc70c3
                                                                                                          0x02bc70c7
                                                                                                          0x02bc70cf
                                                                                                          0x02bc70d7
                                                                                                          0x02bc70db
                                                                                                          0x02bc70e0
                                                                                                          0x02bc70e8
                                                                                                          0x02bc70f0
                                                                                                          0x02bc70fb
                                                                                                          0x02bc7103
                                                                                                          0x02bc710e
                                                                                                          0x02bc7119
                                                                                                          0x02bc7124
                                                                                                          0x02bc712f
                                                                                                          0x02bc713a
                                                                                                          0x02bc7145
                                                                                                          0x02bc7150
                                                                                                          0x02bc715b
                                                                                                          0x02bc7166
                                                                                                          0x02bc7171
                                                                                                          0x02bc7179
                                                                                                          0x02bc7186
                                                                                                          0x02bc718a
                                                                                                          0x02bc718f
                                                                                                          0x02bc7197
                                                                                                          0x02bc719f
                                                                                                          0x02bc71a7
                                                                                                          0x02bc71af
                                                                                                          0x02bc71b7
                                                                                                          0x02bc71bf
                                                                                                          0x02bc71ca
                                                                                                          0x02bc71d5
                                                                                                          0x02bc71e0
                                                                                                          0x02bc71eb
                                                                                                          0x02bc71f3
                                                                                                          0x02bc71fe
                                                                                                          0x02bc7209
                                                                                                          0x02bc721c
                                                                                                          0x02bc7223
                                                                                                          0x02bc722e
                                                                                                          0x02bc723c
                                                                                                          0x02bc7240
                                                                                                          0x02bc7245
                                                                                                          0x02bc724d
                                                                                                          0x02bc7255
                                                                                                          0x02bc725d
                                                                                                          0x02bc7262
                                                                                                          0x02bc726f
                                                                                                          0x02bc7273
                                                                                                          0x02bc727b
                                                                                                          0x02bc7285
                                                                                                          0x02bc7291
                                                                                                          0x02bc7292
                                                                                                          0x02bc7296
                                                                                                          0x02bc729e
                                                                                                          0x02bc72a6
                                                                                                          0x02bc72b1
                                                                                                          0x02bc72bc
                                                                                                          0x02bc72c7
                                                                                                          0x02bc72d2
                                                                                                          0x02bc72da
                                                                                                          0x02bc72e5
                                                                                                          0x02bc72f0
                                                                                                          0x02bc72f8
                                                                                                          0x02bc7300
                                                                                                          0x02bc7308
                                                                                                          0x02bc730d
                                                                                                          0x02bc7315
                                                                                                          0x02bc7329
                                                                                                          0x02bc7330
                                                                                                          0x02bc733b
                                                                                                          0x02bc7346
                                                                                                          0x02bc734e
                                                                                                          0x02bc735b
                                                                                                          0x02bc735f
                                                                                                          0x02bc7367
                                                                                                          0x02bc736f
                                                                                                          0x02bc737a
                                                                                                          0x02bc7382
                                                                                                          0x02bc738a
                                                                                                          0x02bc7395
                                                                                                          0x02bc73a0
                                                                                                          0x02bc73ab
                                                                                                          0x02bc73b6
                                                                                                          0x02bc73be
                                                                                                          0x02bc73c6
                                                                                                          0x02bc73ce
                                                                                                          0x02bc73d6
                                                                                                          0x02bc73de
                                                                                                          0x02bc73f1
                                                                                                          0x02bc73f8
                                                                                                          0x02bc7400
                                                                                                          0x02bc740b
                                                                                                          0x02bc741e
                                                                                                          0x02bc7425
                                                                                                          0x02bc742d
                                                                                                          0x02bc7438
                                                                                                          0x02bc7443
                                                                                                          0x02bc744e
                                                                                                          0x02bc7456
                                                                                                          0x02bc7461
                                                                                                          0x02bc7469
                                                                                                          0x02bc7476
                                                                                                          0x02bc747a
                                                                                                          0x02bc7482
                                                                                                          0x02bc748a
                                                                                                          0x02bc7495
                                                                                                          0x02bc74a0
                                                                                                          0x02bc74ab
                                                                                                          0x02bc74b3
                                                                                                          0x02bc74b8
                                                                                                          0x02bc74bd
                                                                                                          0x02bc74c5
                                                                                                          0x02bc74cd
                                                                                                          0x02bc74d2
                                                                                                          0x02bc74da
                                                                                                          0x02bc74e5
                                                                                                          0x02bc74f0
                                                                                                          0x02bc74f8
                                                                                                          0x02bc7503
                                                                                                          0x02bc750a
                                                                                                          0x02bc7511
                                                                                                          0x02bc7511
                                                                                                          0x02bc7511
                                                                                                          0x02bc7516
                                                                                                          0x02bc7516
                                                                                                          0x02bc751a
                                                                                                          0x02bc751a
                                                                                                          0x02bc751a
                                                                                                          0x02bc7520
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc7526
                                                                                                          0x02bc76ab
                                                                                                          0x00000000
                                                                                                          0x02bc752c
                                                                                                          0x02bc7532
                                                                                                          0x02bc7699
                                                                                                          0x02bc769b
                                                                                                          0x02bc76a2
                                                                                                          0x02bc76a3
                                                                                                          0x00000000
                                                                                                          0x02bc7538
                                                                                                          0x02bc753e
                                                                                                          0x02bc7651
                                                                                                          0x02bc765d
                                                                                                          0x02bc7672
                                                                                                          0x02bc7679
                                                                                                          0x02bc767e
                                                                                                          0x02bc7683
                                                                                                          0x02bc7915
                                                                                                          0x02bc7915
                                                                                                          0x02bc791c
                                                                                                          0x00000000
                                                                                                          0x02bc7544
                                                                                                          0x02bc754a
                                                                                                          0x02bc761e
                                                                                                          0x02bc7623
                                                                                                          0x00000000
                                                                                                          0x02bc7550
                                                                                                          0x02bc7556
                                                                                                          0x02bc75f0
                                                                                                          0x02bc75f5
                                                                                                          0x02bc75fa
                                                                                                          0x02bc75fc
                                                                                                          0x02bc75fc
                                                                                                          0x00000000
                                                                                                          0x02bc755c
                                                                                                          0x02bc7563
                                                                                                          0x02bc7921
                                                                                                          0x02bc7921
                                                                                                          0x02bc7927
                                                                                                          0x02bc7516
                                                                                                          0x00000000
                                                                                                          0x02bc7516
                                                                                                          0x02bc7569
                                                                                                          0x02bc75b6
                                                                                                          0x02bc75bb
                                                                                                          0x02bc75c2
                                                                                                          0x02bc75c7
                                                                                                          0x02bc75d0
                                                                                                          0x02bc75d5
                                                                                                          0x00000000
                                                                                                          0x02bc75d5
                                                                                                          0x02bc7563
                                                                                                          0x02bc7556
                                                                                                          0x02bc754a
                                                                                                          0x02bc753e
                                                                                                          0x02bc7532
                                                                                                          0x02bc7945
                                                                                                          0x02bc7951
                                                                                                          0x02bc7951
                                                                                                          0x02bc76b5
                                                                                                          0x02bc76b7
                                                                                                          0x02bc7772
                                                                                                          0x02bc7775
                                                                                                          0x02bc77a6
                                                                                                          0x02bc7777
                                                                                                          0x02bc7777
                                                                                                          0x02bc7783
                                                                                                          0x02bc778a
                                                                                                          0x02bc7795
                                                                                                          0x02bc779a
                                                                                                          0x02bc779d
                                                                                                          0x02bc779d
                                                                                                          0x02bc77e6
                                                                                                          0x02bc77ed
                                                                                                          0x02bc77ed
                                                                                                          0x02bc77ef
                                                                                                          0x02bc77f1
                                                                                                          0x02bc77f1
                                                                                                          0x02bc7841
                                                                                                          0x02bc7858
                                                                                                          0x02bc785d
                                                                                                          0x02bc7860
                                                                                                          0x02bc7862
                                                                                                          0x02bc7910
                                                                                                          0x00000000
                                                                                                          0x02bc7868
                                                                                                          0x02bc788b
                                                                                                          0x02bc7892
                                                                                                          0x02bc7897
                                                                                                          0x02bc789a
                                                                                                          0x02bc789c
                                                                                                          0x02bc78c6
                                                                                                          0x02bc78d6
                                                                                                          0x02bc78d6
                                                                                                          0x02bc78d6
                                                                                                          0x02bc78fe
                                                                                                          0x02bc7903
                                                                                                          0x02bc7903
                                                                                                          0x02bc7906
                                                                                                          0x00000000
                                                                                                          0x02bc7906
                                                                                                          0x02bc76bd
                                                                                                          0x02bc76bd
                                                                                                          0x02bc76c3
                                                                                                          0x02bc7763
                                                                                                          0x02bc776a
                                                                                                          0x00000000
                                                                                                          0x02bc76c9
                                                                                                          0x02bc76c9
                                                                                                          0x02bc76cf
                                                                                                          0x02bc793e
                                                                                                          0x02bc76d5
                                                                                                          0x02bc76d5
                                                                                                          0x02bc76db
                                                                                                          0x02bc76f3
                                                                                                          0x02bc76f5
                                                                                                          0x02bc76f7
                                                                                                          0x02bc7705
                                                                                                          0x02bc7705
                                                                                                          0x02bc76f9
                                                                                                          0x02bc7700
                                                                                                          0x02bc7700
                                                                                                          0x02bc7707
                                                                                                          0x02bc772c
                                                                                                          0x02bc7731
                                                                                                          0x02bc7736
                                                                                                          0x02bc773e
                                                                                                          0x00000000
                                                                                                          0x02bc76dd
                                                                                                          0x02bc76dd
                                                                                                          0x02bc76e3
                                                                                                          0x00000000
                                                                                                          0x02bc76e9
                                                                                                          0x02bc76e9
                                                                                                          0x00000000
                                                                                                          0x02bc76e9
                                                                                                          0x02bc76e3
                                                                                                          0x02bc76db
                                                                                                          0x02bc76cf
                                                                                                          0x02bc76c3
                                                                                                          0x00000000
                                                                                                          0x02bc76b7
                                                                                                          0x02bc7516

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: c'$!$&B$)fVX$2 ]$LG$OHR$OI$R<$n3u$=o$H#$^
                                                                                                          • API String ID: 0-4090907037
                                                                                                          • Opcode ID: 1686d3e3a86f350a75bebdf0951a65ea1611d836fbbc704fef392edd214f2c99
                                                                                                          • Instruction ID: 215f9bcbf3a0b055af14f1b7f445b295e4389a7ff97e4ee7486af2ab6bb2f166
                                                                                                          • Opcode Fuzzy Hash: 1686d3e3a86f350a75bebdf0951a65ea1611d836fbbc704fef392edd214f2c99
                                                                                                          • Instruction Fuzzy Hash: 9692FDB1509381CFD3B9CF25C54AA8BFBE2BBC4308F10891DE5D996260D7B58949CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCA474, Relevance: 15.4, Strings: 12, Instructions: 357COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02BCA474(void* __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				char _v2080;
				char _v2600;
				signed int _v2604;
				signed int _v2608;
				signed int _v2612;
				signed int _v2616;
				signed int _v2620;
				signed int _v2624;
				signed int _v2628;
				signed int _v2632;
				signed int _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _t422;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				void* _t487;
				void* _t488;
				signed int* _t492;

				_t492 =  &_v2792;
				_t487 = __ecx;
				_v2736 = 0xa43fec;
				_v2736 = _v2736 + 0xffff66c9;
				_v2736 = _v2736 >> 0xc;
				_v2736 = _v2736 ^ 0x00000a13;
				_v2788 = 0xca245c;
				_v2788 = _v2788 + 0xc295;
				_v2788 = _v2788 << 6;
				_v2788 = _v2788 + 0xffff0e49;
				_v2788 = _v2788 ^ 0x32b58b6e;
				_v2660 = 0x35f9ef;
				_v2660 = _v2660 << 0xe;
				_v2660 = _v2660 ^ 0x7e7543bd;
				_v2688 = 0x437073;
				_v2688 = _v2688 >> 0xe;
				_v2688 = _v2688 ^ 0xf2a4f008;
				_v2688 = _v2688 ^ 0xf2aac2be;
				_v2700 = 0x2c6eea;
				_v2700 = _v2700 >> 1;
				_v2700 = _v2700 | 0x2b7eca56;
				_v2700 = _v2700 ^ 0x2b78a774;
				_v2676 = 0xafd7a5;
				_v2676 = _v2676 >> 0xb;
				_v2676 = _v2676 ^ 0x0002223f;
				_v2740 = 0x8278b2;
				_v2740 = _v2740 << 6;
				_v2740 = _v2740 << 1;
				_v2740 = _v2740 ^ 0x4136a23a;
				_v2612 = 0x7f4f91;
				_v2612 = _v2612 + 0xffff9116;
				_v2612 = _v2612 ^ 0x007102c2;
				_v2668 = 0x4461fd;
				_v2668 = _v2668 * 0x27;
				_v2668 = _v2668 ^ 0x0a629f7c;
				_t488 = 0x219adc7;
				_v2756 = 0xa77258;
				_v2756 = _v2756 >> 2;
				_v2756 = _v2756 + 0x9d81;
				_t444 = 0x54;
				_v2756 = _v2756 * 0x70;
				_v2756 = _v2756 ^ 0x12998c8c;
				_v2628 = 0x3fd810;
				_v2628 = _v2628 + 0xfffff92f;
				_v2628 = _v2628 ^ 0x003ee59a;
				_v2780 = 0x9fe7be;
				_v2780 = _v2780 + 0xaec4;
				_v2780 = _v2780 << 0x10;
				_v2780 = _v2780 >> 2;
				_v2780 = _v2780 ^ 0x25a64a78;
				_v2620 = 0xbf1dbc;
				_v2620 = _v2620 + 0xffff98cb;
				_v2620 = _v2620 ^ 0x00bd158d;
				_v2732 = 0xa8760d;
				_v2732 = _v2732 << 8;
				_v2732 = _v2732 + 0xa9d7;
				_v2732 = _v2732 ^ 0xa87dd804;
				_v2684 = 0xb5ab85;
				_v2684 = _v2684 / _t444;
				_v2684 = _v2684 ^ 0x0004fa7b;
				_v2708 = 0x9eabf6;
				_t445 = 0x4f;
				_v2708 = _v2708 / _t445;
				_v2708 = _v2708 ^ 0xed59372e;
				_v2708 = _v2708 ^ 0xed517486;
				_v2608 = 0x5ae525;
				_v2608 = _v2608 * 0x4c;
				_v2608 = _v2608 ^ 0x1afb43af;
				_v2644 = 0xaf8ee5;
				_v2644 = _v2644 ^ 0xf4d3cb8d;
				_v2644 = _v2644 ^ 0xf47b6f68;
				_v2604 = 0xc38975;
				_v2604 = _v2604 >> 0xf;
				_v2604 = _v2604 ^ 0x000b5702;
				_v2652 = 0x27ffed;
				_v2652 = _v2652 + 0x9a12;
				_v2652 = _v2652 ^ 0x002af41d;
				_v2616 = 0x7935fe;
				_v2616 = _v2616 + 0x1306;
				_v2616 = _v2616 ^ 0x007d2870;
				_v2692 = 0x7d1b3a;
				_t446 = 0x7d;
				_v2692 = _v2692 * 0x5a;
				_v2692 = _v2692 * 0x29;
				_v2692 = _v2692 ^ 0x0b423dcb;
				_v2724 = 0xbe8a04;
				_v2724 = _v2724 * 0x27;
				_v2724 = _v2724 | 0x44bf91fe;
				_v2724 = _v2724 ^ 0x5dbe7768;
				_v2636 = 0x66ae7e;
				_v2636 = _v2636 + 0xffff18a5;
				_v2636 = _v2636 ^ 0x006a6401;
				_v2744 = 0x24afb7;
				_v2744 = _v2744 + 0xf221;
				_v2744 = _v2744 >> 2;
				_v2744 = _v2744 ^ 0x00088a95;
				_v2716 = 0x4884b4;
				_v2716 = _v2716 | 0xbbb03a66;
				_v2716 = _v2716 ^ 0xe76b33e5;
				_v2716 = _v2716 ^ 0x5c9d38b7;
				_v2672 = 0xd2ae7f;
				_v2672 = _v2672 / _t446;
				_v2672 = _v2672 ^ 0x00034be9;
				_v2680 = 0x28809f;
				_v2680 = _v2680 << 8;
				_v2680 = _v2680 ^ 0x28858fb3;
				_v2720 = 0x2529a6;
				_t447 = 0x60;
				_v2720 = _v2720 / _t447;
				_t448 = 0x55;
				_v2720 = _v2720 / _t448;
				_v2720 = _v2720 ^ 0x00015f05;
				_v2728 = 0xe4ec68;
				_v2728 = _v2728 | 0x076980de;
				_v2728 = _v2728 >> 0x10;
				_v2728 = _v2728 ^ 0x00066f44;
				_v2764 = 0x25662b;
				_v2764 = _v2764 + 0x352e;
				_v2764 = _v2764 + 0xd238;
				_v2764 = _v2764 >> 9;
				_v2764 = _v2764 ^ 0x0003808d;
				_v2696 = 0xd79a4d;
				_v2696 = _v2696 >> 0xf;
				_v2696 = _v2696 | 0xe296257b;
				_v2696 = _v2696 ^ 0xe2941eeb;
				_v2704 = 0x8f07c6;
				_v2704 = _v2704 << 6;
				_v2704 = _v2704 << 0xb;
				_v2704 = _v2704 ^ 0x0f8cdb18;
				_v2772 = 0x165ad0;
				_v2772 = _v2772 * 0x45;
				_v2772 = _v2772 * 0xe;
				_v2772 = _v2772 | 0xc27a990b;
				_v2772 = _v2772 ^ 0xd67b0e5a;
				_v2712 = 0x3a0787;
				_v2712 = _v2712 << 9;
				_v2712 = _v2712 << 3;
				_v2712 = _v2712 ^ 0xa0756bb8;
				_v2768 = 0xd1f7d1;
				_v2768 = _v2768 ^ 0x28b4518a;
				_v2768 = _v2768 ^ 0x2c50bf5e;
				_v2768 = _v2768 << 1;
				_v2768 = _v2768 ^ 0x086bcac7;
				_v2664 = 0x43880;
				_v2664 = _v2664 << 2;
				_v2664 = _v2664 ^ 0x001745f4;
				_v2776 = 0x99bfba;
				_v2776 = _v2776 + 0xb20b;
				_v2776 = _v2776 ^ 0x9325107f;
				_v2776 = _v2776 ^ 0x1bb55bce;
				_v2776 = _v2776 ^ 0x880f35ab;
				_v2784 = 0xcf6f67;
				_v2784 = _v2784 | 0xe7eb8da5;
				_t449 = 0x69;
				_v2784 = _v2784 * 5;
				_v2784 = _v2784 >> 0xc;
				_v2784 = _v2784 ^ 0x000ae4cd;
				_v2792 = 0x938e6a;
				_v2792 = _v2792 * 0x34;
				_v2792 = _v2792 + 0xd82d;
				_v2792 = _v2792 + 0xffff3001;
				_v2792 = _v2792 ^ 0x1dfcfd52;
				_v2640 = 0x59feb;
				_v2640 = _v2640 + 0xffffbab8;
				_v2640 = _v2640 ^ 0x000de14c;
				_v2760 = 0x4f2f51;
				_v2760 = _v2760 << 3;
				_v2760 = _v2760 | 0xca7d0b31;
				_v2760 = _v2760 >> 5;
				_v2760 = _v2760 ^ 0x06504f0f;
				_v2648 = 0x12de1c;
				_v2648 = _v2648 << 2;
				_v2648 = _v2648 ^ 0x0044c65b;
				_v2656 = 0xedb7d1;
				_v2656 = _v2656 >> 0xe;
				_v2656 = _v2656 ^ 0x00060f5a;
				_v2624 = 0x25ed17;
				_v2624 = _v2624 << 8;
				_v2624 = _v2624 ^ 0x25e602f4;
				_v2632 = 0xdb105d;
				_v2632 = _v2632 + 0xbf07;
				_v2632 = _v2632 ^ 0x00d56ea2;
				_v2752 = 0xdb9922;
				_v2752 = _v2752 + 0xffff5c98;
				_t422 = _v2752 / _t449;
				_v2752 = _t422;
				_v2752 = _v2752 + 0xe0a7;
				_v2752 = _v2752 ^ 0x000f564b;
				_v2748 = 0x373105;
				_v2748 = _v2748 + 0xffff8875;
				_v2748 = _v2748 | 0xab9c3c2b;
				_v2748 = _v2748 ^ 0xabbdde7d;
				while(_t488 != 0x219adc7) {
					if(_t488 == 0x472b880) {
						E02BB1A34(_v2672,  &_v1040, _t449, _t449, _v2680, _v2720, _v2728, _t449, _v2736, _v2764);
						_push(_v2712);
						_push(_v2772);
						_push(_v2704);
						E02BD2D0A(_v2664, __eflags,  &_v2080, _v2776, _v2784, _v2792, 0x2bb192c,  &_v520,  &_v1040, E02BCE1F8(0x2bb192c, _v2696, __eflags));
						E02BCFECB(_t424, _v2640, _v2760, _v2648, _v2656);
						__eflags = 0;
						return E02BC85FF(_v2624, _v2632, 0, 0,  &_v520, 0, _v2752, 0, _v2748);
					}
					_t500 = _t488 - 0x6430241;
					if(_t488 != 0x6430241) {
						L7:
						__eflags = _t488 - 0xc99ad3;
						if(__eflags != 0) {
							continue;
						} else {
							return _t422;
						}
						L10:
						return _t422;
					}
					E02BD0DB1(_v2788,  &_v2600, _t500, _v2660, _t449, _v2688);
					 *((short*)(E02BC09DD(_v2700,  &_v2600, _v2676, _v2740))) = 0;
					E02BBBAA9(_v2612, _v2668, _t500, _v2756, _v2628,  &_v1560);
					_push(_v2684);
					_push(_v2732);
					_push(_v2620);
					E02BD2D0A(_v2608, _t500,  &_v1560, _v2644, _v2604, _v2652, 0x2bb188c,  &_v2080,  &_v2600, E02BCE1F8(0x2bb188c, _v2780, _t500));
					E02BCFECB(_t436, _v2616, _v2692, _v2724, _v2636);
					_t449 = _v2744;
					_t422 = E02BBBFBE( &_v2080, _t487, _v2716);
					_t492 =  &(_t492[0x18]);
					if(_t422 != 0) {
						_t488 = 0x472b880;
						continue;
					}
					goto L10;
				}
				_t488 = 0x6430241;
				goto L7;
			}


































































                                                                                                          0x02bca474
                                                                                                          0x02bca47e
                                                                                                          0x02bca480
                                                                                                          0x02bca48a
                                                                                                          0x02bca492
                                                                                                          0x02bca497
                                                                                                          0x02bca49f
                                                                                                          0x02bca4a7
                                                                                                          0x02bca4af
                                                                                                          0x02bca4b4
                                                                                                          0x02bca4bc
                                                                                                          0x02bca4c4
                                                                                                          0x02bca4cf
                                                                                                          0x02bca4d7
                                                                                                          0x02bca4e2
                                                                                                          0x02bca4ea
                                                                                                          0x02bca4ef
                                                                                                          0x02bca4f7
                                                                                                          0x02bca4ff
                                                                                                          0x02bca507
                                                                                                          0x02bca50b
                                                                                                          0x02bca513
                                                                                                          0x02bca51b
                                                                                                          0x02bca526
                                                                                                          0x02bca52e
                                                                                                          0x02bca539
                                                                                                          0x02bca541
                                                                                                          0x02bca546
                                                                                                          0x02bca54a
                                                                                                          0x02bca552
                                                                                                          0x02bca55d
                                                                                                          0x02bca568
                                                                                                          0x02bca573
                                                                                                          0x02bca586
                                                                                                          0x02bca58d
                                                                                                          0x02bca598
                                                                                                          0x02bca59d
                                                                                                          0x02bca5a5
                                                                                                          0x02bca5aa
                                                                                                          0x02bca5b9
                                                                                                          0x02bca5bc
                                                                                                          0x02bca5c0
                                                                                                          0x02bca5c8
                                                                                                          0x02bca5d3
                                                                                                          0x02bca5de
                                                                                                          0x02bca5e9
                                                                                                          0x02bca5f1
                                                                                                          0x02bca5f9
                                                                                                          0x02bca5fe
                                                                                                          0x02bca603
                                                                                                          0x02bca60b
                                                                                                          0x02bca616
                                                                                                          0x02bca621
                                                                                                          0x02bca62c
                                                                                                          0x02bca634
                                                                                                          0x02bca639
                                                                                                          0x02bca641
                                                                                                          0x02bca649
                                                                                                          0x02bca65f
                                                                                                          0x02bca666
                                                                                                          0x02bca671
                                                                                                          0x02bca67d
                                                                                                          0x02bca680
                                                                                                          0x02bca684
                                                                                                          0x02bca68c
                                                                                                          0x02bca694
                                                                                                          0x02bca6a7
                                                                                                          0x02bca6ae
                                                                                                          0x02bca6bb
                                                                                                          0x02bca6c6
                                                                                                          0x02bca6d1
                                                                                                          0x02bca6dc
                                                                                                          0x02bca6e7
                                                                                                          0x02bca6ef
                                                                                                          0x02bca6fa
                                                                                                          0x02bca705
                                                                                                          0x02bca710
                                                                                                          0x02bca71b
                                                                                                          0x02bca726
                                                                                                          0x02bca731
                                                                                                          0x02bca73c
                                                                                                          0x02bca74b
                                                                                                          0x02bca74e
                                                                                                          0x02bca757
                                                                                                          0x02bca75b
                                                                                                          0x02bca763
                                                                                                          0x02bca770
                                                                                                          0x02bca774
                                                                                                          0x02bca77c
                                                                                                          0x02bca784
                                                                                                          0x02bca78f
                                                                                                          0x02bca79a
                                                                                                          0x02bca7a5
                                                                                                          0x02bca7ad
                                                                                                          0x02bca7b5
                                                                                                          0x02bca7ba
                                                                                                          0x02bca7c2
                                                                                                          0x02bca7ca
                                                                                                          0x02bca7d2
                                                                                                          0x02bca7da
                                                                                                          0x02bca7e2
                                                                                                          0x02bca7f8
                                                                                                          0x02bca7ff
                                                                                                          0x02bca80a
                                                                                                          0x02bca815
                                                                                                          0x02bca81d
                                                                                                          0x02bca828
                                                                                                          0x02bca834
                                                                                                          0x02bca839
                                                                                                          0x02bca843
                                                                                                          0x02bca846
                                                                                                          0x02bca84a
                                                                                                          0x02bca852
                                                                                                          0x02bca85a
                                                                                                          0x02bca862
                                                                                                          0x02bca867
                                                                                                          0x02bca86f
                                                                                                          0x02bca877
                                                                                                          0x02bca87f
                                                                                                          0x02bca887
                                                                                                          0x02bca88c
                                                                                                          0x02bca894
                                                                                                          0x02bca89c
                                                                                                          0x02bca8a1
                                                                                                          0x02bca8a9
                                                                                                          0x02bca8b1
                                                                                                          0x02bca8b9
                                                                                                          0x02bca8be
                                                                                                          0x02bca8c3
                                                                                                          0x02bca8cb
                                                                                                          0x02bca8d8
                                                                                                          0x02bca8e1
                                                                                                          0x02bca8e7
                                                                                                          0x02bca8f4
                                                                                                          0x02bca901
                                                                                                          0x02bca909
                                                                                                          0x02bca90e
                                                                                                          0x02bca913
                                                                                                          0x02bca91b
                                                                                                          0x02bca923
                                                                                                          0x02bca92b
                                                                                                          0x02bca933
                                                                                                          0x02bca937
                                                                                                          0x02bca93f
                                                                                                          0x02bca94a
                                                                                                          0x02bca952
                                                                                                          0x02bca95d
                                                                                                          0x02bca965
                                                                                                          0x02bca96d
                                                                                                          0x02bca975
                                                                                                          0x02bca97d
                                                                                                          0x02bca985
                                                                                                          0x02bca98d
                                                                                                          0x02bca99c
                                                                                                          0x02bca99d
                                                                                                          0x02bca9a1
                                                                                                          0x02bca9a6
                                                                                                          0x02bca9ae
                                                                                                          0x02bca9bb
                                                                                                          0x02bca9bf
                                                                                                          0x02bca9c7
                                                                                                          0x02bca9cf
                                                                                                          0x02bca9d7
                                                                                                          0x02bca9e2
                                                                                                          0x02bca9ed
                                                                                                          0x02bca9f8
                                                                                                          0x02bcaa00
                                                                                                          0x02bcaa05
                                                                                                          0x02bcaa0d
                                                                                                          0x02bcaa12
                                                                                                          0x02bcaa1a
                                                                                                          0x02bcaa25
                                                                                                          0x02bcaa2d
                                                                                                          0x02bcaa38
                                                                                                          0x02bcaa43
                                                                                                          0x02bcaa4b
                                                                                                          0x02bcaa56
                                                                                                          0x02bcaa61
                                                                                                          0x02bcaa69
                                                                                                          0x02bcaa74
                                                                                                          0x02bcaa7f
                                                                                                          0x02bcaa8a
                                                                                                          0x02bcaa95
                                                                                                          0x02bcaa9d
                                                                                                          0x02bcaaa9
                                                                                                          0x02bcaaab
                                                                                                          0x02bcaaaf
                                                                                                          0x02bcaab7
                                                                                                          0x02bcaabf
                                                                                                          0x02bcaac7
                                                                                                          0x02bcaacf
                                                                                                          0x02bcaad7
                                                                                                          0x02bcaadf
                                                                                                          0x02bcaaed
                                                                                                          0x02bcac4c
                                                                                                          0x02bcac51
                                                                                                          0x02bcac5d
                                                                                                          0x02bcac61
                                                                                                          0x02bcacaa
                                                                                                          0x02bcacca
                                                                                                          0x02bcacd9
                                                                                                          0x00000000
                                                                                                          0x02bcacfa
                                                                                                          0x02bcaaf3
                                                                                                          0x02bcaaf5
                                                                                                          0x02bcac13
                                                                                                          0x02bcac13
                                                                                                          0x02bcac19
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bcad07
                                                                                                          0x02bcad07
                                                                                                          0x02bcad07
                                                                                                          0x02bcab12
                                                                                                          0x02bcab37
                                                                                                          0x02bcab5b
                                                                                                          0x02bcab60
                                                                                                          0x02bcab6c
                                                                                                          0x02bcab70
                                                                                                          0x02bcabc2
                                                                                                          0x02bcabe2
                                                                                                          0x02bcabee
                                                                                                          0x02bcabfa
                                                                                                          0x02bcabff
                                                                                                          0x02bcac04
                                                                                                          0x02bcac0a
                                                                                                          0x00000000
                                                                                                          0x02bcac0a
                                                                                                          0x00000000
                                                                                                          0x02bcac04
                                                                                                          0x02bcac11
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$%Z$+f%$.5$.7Y$L$Q/O$h$p(}$spC$3k$n,
                                                                                                          • API String ID: 0-500290626
                                                                                                          • Opcode ID: 02e7c289c03ac40b8918a8aa68d23b1a8314cc713c8ddbb93ce7e81a4760b162
                                                                                                          • Instruction ID: c9c536493ccba22c66d87f2ec5d0a6584c0f3dcaa7a9503a5fa2732bff58ff93
                                                                                                          • Opcode Fuzzy Hash: 02e7c289c03ac40b8918a8aa68d23b1a8314cc713c8ddbb93ce7e81a4760b162
                                                                                                          • Instruction Fuzzy Hash: DD12E0714093809FD3A9CF60C98AA8BFBE1FBC4348F108A1DE1DA96260D7B58549CF57
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCD1BC, Relevance: 15.3, Strings: 12, Instructions: 347COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 660 2bcd1bc-2bcd5dd call 2bcfe29 663 2bcd5e8 660->663 664 2bcd5ed-2bcd5f3 663->664 665 2bcd78f-2bcd795 664->665 666 2bcd5f9 664->666 667 2bcd79b-2bcd7a1 665->667 668 2bcd870-2bcd8aa call 2bcfe2a 665->668 669 2bcd5ff-2bcd605 666->669 670 2bcd708-2bcd774 call 2bc67e6 666->670 672 2bcd7a7-2bcd7ad 667->672 673 2bcd851-2bcd86b call 2bd2b09 667->673 698 2bcd8b1 668->698 674 2bcd6c8-2bcd6dd 669->674 675 2bcd60b-2bcd611 669->675 688 2bcd776-2bcd77b 670->688 689 2bcd780 670->689 679 2bcd7af-2bcd7b1 672->679 680 2bcd801-2bcd84f call 2bd2b09 * 3 672->680 703 2bcd785-2bcd78a 673->703 683 2bcd6df-2bcd6e4 call 2bb80c0 674->683 684 2bcd6e6-2bcd6ed call 2bc2e5d 674->684 681 2bcd691-2bcd6a8 675->681 682 2bcd613-2bcd619 675->682 693 2bcd8b6-2bcd8bc 679->693 694 2bcd7b7-2bcd7fc call 2bccca0 call 2bbe404 679->694 680->698 690 2bcd6aa-2bcd6ad 681->690 691 2bcd6b0-2bcd6b8 681->691 695 2bcd65f-2bcd681 call 2bc5779 682->695 696 2bcd61b-2bcd621 682->696 706 2bcd6f2-2bcd703 683->706 684->706 688->663 689->703 690->691 701 2bcd6be-2bcd6c3 691->701 702 2bcd8c4-2bcd8ca 691->702 693->664 705 2bcd8c2 693->705 694->663 709 2bcd8ce-2bcd8da 695->709 717 2bcd687-2bcd68c 695->717 696->693 708 2bcd627-2bcd647 call 2bb6b7a 696->708 698->693 701->663 702->709 703->663 705->709 706->664 719 2bcd649-2bcd651 708->719 720 2bcd653 708->720 717->663 722 2bcd658-2bcd65d 719->722 720->722 722->663
                                                                                                          C-Code - Quality: 86%
                                                                                                          			E02BCD1BC(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v260;
				char _v268;
				intOrPtr _v272;
				char _v276;
				intOrPtr _v280;
				char _v284;
				intOrPtr _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				void* _t309;
				void* _t322;
				intOrPtr _t325;
				intOrPtr _t328;
				intOrPtr _t332;
				void* _t336;
				intOrPtr _t338;
				intOrPtr _t340;
				intOrPtr _t341;
				void* _t343;
				intOrPtr _t346;
				void* _t349;
				intOrPtr _t364;
				intOrPtr _t365;
				void* _t382;
				intOrPtr _t385;
				void* _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				intOrPtr _t394;
				void* _t395;
				void* _t396;
				void* _t397;
				void* _t399;

				_push(_a24);
				_t395 = __edx;
				_push(_a20);
				_v288 = __ecx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(__ecx);
				_v312 = 0xeda4ef;
				_t397 = _t396 + 0x20;
				_v312 = _v312 + 0x7c87;
				_v312 = _v312 ^ 0x00e6bc42;
				_t346 = 0;
				_v356 = 0x83a7cc;
				_t349 = 0x902256d;
				_v356 = _v356 << 0xd;
				_v356 = _v356 | 0xd496e6a5;
				_v356 = _v356 ^ 0xf4f8676c;
				_v388 = 0x254bab;
				_v388 = _v388 | 0x2708e00f;
				_v388 = _v388 << 0xc;
				_v388 = _v388 << 0xa;
				_v388 = _v388 ^ 0xebca5aa3;
				_v376 = 0x3a43eb;
				_v376 = _v376 + 0x5e30;
				_v376 = _v376 ^ 0x2d5dec97;
				_v376 = _v376 ^ 0x2d6492cf;
				_v324 = 0x965e68;
				_v324 = _v324 ^ 0x4fad172c;
				_v324 = _v324 ^ 0x4f30eea0;
				_v404 = 0x95ea8f;
				_t391 = 0x3c;
				_v404 = _v404 / _t391;
				_v404 = _v404 << 0xc;
				_v404 = _v404 | 0x93230375;
				_v404 = _v404 ^ 0xb7f3bbc9;
				_v296 = 0x950835;
				_v296 = _v296 + 0xffff217e;
				_v296 = _v296 ^ 0x0090010d;
				_v412 = 0x146e3b;
				_v412 = _v412 ^ 0xfee339d3;
				_v412 = _v412 | 0x08dab50c;
				_v412 = _v412 << 5;
				_v412 = _v412 ^ 0xdff21b2d;
				_v316 = 0x73cd3;
				_v316 = _v316 << 0xb;
				_v316 = _v316 ^ 0x39e53ce3;
				_v304 = 0x17d1c9;
				_v304 = _v304 | 0x32076b61;
				_v304 = _v304 ^ 0x32193df4;
				_v400 = 0xe22ffc;
				_v400 = _v400 * 0xf;
				_v400 = _v400 << 8;
				_v400 = _v400 >> 5;
				_v400 = _v400 ^ 0x020db90e;
				_v360 = 0x4e823d;
				_v360 = _v360 >> 7;
				_v360 = _v360 >> 0xc;
				_v360 = _v360 ^ 0x000f4c82;
				_v332 = 0x37cdc;
				_v332 = _v332 >> 0xe;
				_v332 = _v332 ^ 0x000cfe6d;
				_v392 = 0x36521e;
				_v392 = _v392 << 2;
				_v392 = _v392 ^ 0x01f25d84;
				_v392 = _v392 + 0xffff6602;
				_v392 = _v392 ^ 0x0122fac3;
				_v292 = 0x811559;
				_v292 = _v292 ^ 0x63e4ed2d;
				_v292 = _v292 ^ 0x636b0aa2;
				_v408 = 0xc9a98b;
				_v408 = _v408 ^ 0x273a7ab7;
				_t392 = 0x3d;
				_v408 = _v408 / _t392;
				_v408 = _v408 | 0xd16a0a28;
				_v408 = _v408 ^ 0xd1e35630;
				_v352 = 0x4de238;
				_v352 = _v352 ^ 0xe481f79a;
				_v352 = _v352 ^ 0xe4c0c54b;
				_v340 = 0x7e756a;
				_v340 = _v340 << 0xb;
				_v340 = _v340 ^ 0xf3ae0159;
				_v384 = 0x3029be;
				_v384 = _v384 + 0x835e;
				_v384 = _v384 ^ 0x9e5eea44;
				_v384 = _v384 ^ 0x9e65521f;
				_v364 = 0xcf8251;
				_v364 = _v364 + 0xffff400c;
				_t393 = 0x78;
				_v364 = _v364 * 0x5a;
				_v364 = _v364 ^ 0x48b0c21e;
				_v320 = 0x2b8f03;
				_v320 = _v320 << 7;
				_v320 = _v320 ^ 0x15cafa02;
				_v372 = 0xb0a86a;
				_v372 = _v372 ^ 0x35b8bfe6;
				_v372 = _v372 ^ 0xed8d6bf1;
				_v372 = _v372 ^ 0xd88344ec;
				_v344 = 0x8c38;
				_v344 = _v344 ^ 0x1ac013b0;
				_v344 = _v344 ^ 0x1ac5368a;
				_v348 = 0x2c1ac3;
				_v348 = _v348 >> 6;
				_v348 = _v348 ^ 0x0005c30d;
				_v300 = 0x3ae4ba;
				_v300 = _v300 >> 0xe;
				_v300 = _v300 ^ 0x00012364;
				_v396 = 0xe1901;
				_v396 = _v396 << 0xe;
				_v396 = _v396 + 0x39a8;
				_v396 = _v396 ^ 0x864e7189;
				_v368 = 0xe5c11e;
				_t394 = _v288;
				_v368 = _v368 / _t393;
				_v368 = _v368 | 0x7320cec6;
				_v368 = _v368 ^ 0x73273aba;
				_v336 = 0xf33546;
				_v336 = _v336 ^ 0x37961faf;
				_v336 = _v336 ^ 0x37663e0b;
				_v328 = 0x922129;
				_v328 = _v328 | 0xf90cd049;
				_v328 = _v328 ^ 0xf99851f2;
				_v416 = 0x9fd52c;
				_v416 = _v416 << 2;
				_v416 = _v416 * 0x22;
				_v416 = _v416 + 0xffff9e7e;
				_v416 = _v416 ^ 0x54e779e0;
				_v380 = 0x615361;
				_v380 = _v380 >> 1;
				_v380 = _v380 + 0x673e;
				_v380 = _v380 ^ 0x003e049c;
				_v308 = 0x9da5c1;
				_v308 = _v308 + 0xf72;
				_v308 = _v308 ^ 0x009db133;
				while(1) {
					L1:
					_t309 = 0xe35a561;
					do {
						while(1) {
							L2:
							_t399 = _t349 - 0x8816d6a;
							if(_t399 > 0) {
								break;
							}
							if(_t399 == 0) {
								_t325 =  *0x2bd6228; // 0x0
								_t328 =  *0x2bd6228; // 0x0
								_t332 =  *0x2bd6228; // 0x0
								_t336 = E02BC67E6(_t394, _v400, _v360, _v332, _v392,  &_v268,  *( *((intOrPtr*)(_t332 + 4)) + 0x14) & 0x0000ffff, _v292,  &_v276,  *( *((intOrPtr*)(_t328 + 4)) + 0x44) & 0x0000ffff, _v408,  *((intOrPtr*)(_t325 + 4)) + 0x20, _v352,  &_v260);
								_t397 = _t397 + 0x30;
								if(_t336 == 0) {
									L25:
									_t349 = 0xc732dcb;
									while(1) {
										L1:
										_t309 = 0xe35a561;
										goto L2;
									}
								} else {
									_t349 = 0x772d3d2;
									while(1) {
										L1:
										_t309 = 0xe35a561;
										goto L2;
									}
								}
							} else {
								if(_t349 == 0x200f7b2) {
									if(_v280 >= _v308) {
										_t338 = E02BC2E5D( &_v284,  &_v276);
									} else {
										_t338 = E02BB80C0( &_v284);
									}
									_t394 = _t338;
									_t309 = 0xe35a561;
									_t349 =  !=  ? 0xe35a561 : 0xc732dcb;
									continue;
								} else {
									if(_t349 == 0x323c58a) {
										_t364 =  *0x2bd6228; // 0x0
										_t340 =  *((intOrPtr*)( *((intOrPtr*)(_t364 + 4)) + 0x18));
										 *((intOrPtr*)(_t364 + 0x1c)) =  *((intOrPtr*)(_t364 + 0x1c)) + 1;
										_t385 =  *((intOrPtr*)(_t364 + 0x1c));
										 *((intOrPtr*)(_t364 + 4)) = _t340;
										if(_t340 == 0) {
											 *((intOrPtr*)(_t364 + 4)) =  *((intOrPtr*)(_t364 + 0x14));
										}
										_t341 =  *0x2bd6228; // 0x0
										if(_t385 >=  *((intOrPtr*)(_t341 + 0x18))) {
											_t365 =  *0x2bd6228; // 0x0
											 *(_t365 + 0x1c) =  *(_t365 + 0x1c) & 0x00000000;
										} else {
											_t349 = 0x902256d;
											while(1) {
												L1:
												_t309 = 0xe35a561;
												goto L2;
											}
										}
									} else {
										if(_t349 == 0x54cb160) {
											_t343 = E02BC5779( &_v284, _t395, _v388, _v376, _v288);
											_t397 = _t397 + 0xc;
											if(_t343 != 0) {
												_t349 = 0x200f7b2;
												while(1) {
													L1:
													_t309 = 0xe35a561;
													goto L2;
												}
											}
										} else {
											if(_t349 != 0x772d3d2) {
												goto L35;
											} else {
												if(E02BB6B7A(_v340, _a16, _v384,  &_v268) == 0) {
													_t390 = 0x323c58a;
												} else {
													_t390 = 0x72c7f38;
													_t346 = 1;
												}
												_t349 = 0x939e27d;
												while(1) {
													L1:
													_t309 = 0xe35a561;
													goto L2;
												}
											}
										}
									}
								}
							}
							L38:
							return _t346;
						}
						if(_t349 == 0x902256d) {
							_t394 = 0;
							E02BCFE2A(_v312, _v356, 0x100,  &_v260);
							_v276 = 0;
							_t349 = 0x54cb160;
							_v272 = 0;
							_v284 = 0;
							_v280 = 0;
							goto L34;
						} else {
							if(_t349 == 0x939e27d) {
								E02BD2B09(_v364, _v268, _v320, _v372);
								goto L25;
							} else {
								if(_t349 == 0xc732dcb) {
									E02BD2B09(_v344, _v284, _v348, _v300);
									E02BD2B09(_v396, _t394, _v368, _v336);
									E02BD2B09(_v328, _v276, _v416, _v380);
									_t397 = _t397 + 0x18;
									_t349 = _t390;
									L34:
									_t309 = 0xe35a561;
									goto L35;
								} else {
									if(_t349 != _t309) {
										goto L35;
									} else {
										_push(_t349);
										_push(_t349);
										_t322 = E02BCCCA0(1, 0x40);
										_push( &_v260);
										_push(_t322);
										_push(_v304);
										_t382 = 0xb;
										E02BBE404(_v316, _t382);
										_t397 = _t397 + 0x1c;
										_t349 = 0x8816d6a;
										goto L1;
									}
								}
							}
						}
						goto L38;
						L35:
					} while (_t349 != 0x72c7f38);
					goto L38;
				}
			}



































































                                                                                                          0x02bcd1c6
                                                                                                          0x02bcd1cd
                                                                                                          0x02bcd1d1
                                                                                                          0x02bcd1d8
                                                                                                          0x02bcd1df
                                                                                                          0x02bcd1e6
                                                                                                          0x02bcd1ed
                                                                                                          0x02bcd1f4
                                                                                                          0x02bcd1fb
                                                                                                          0x02bcd1fc
                                                                                                          0x02bcd1fd
                                                                                                          0x02bcd202
                                                                                                          0x02bcd20d
                                                                                                          0x02bcd210
                                                                                                          0x02bcd21a
                                                                                                          0x02bcd222
                                                                                                          0x02bcd224
                                                                                                          0x02bcd22c
                                                                                                          0x02bcd231
                                                                                                          0x02bcd236
                                                                                                          0x02bcd23e
                                                                                                          0x02bcd246
                                                                                                          0x02bcd24e
                                                                                                          0x02bcd256
                                                                                                          0x02bcd25b
                                                                                                          0x02bcd260
                                                                                                          0x02bcd268
                                                                                                          0x02bcd270
                                                                                                          0x02bcd278
                                                                                                          0x02bcd280
                                                                                                          0x02bcd288
                                                                                                          0x02bcd290
                                                                                                          0x02bcd298
                                                                                                          0x02bcd2a0
                                                                                                          0x02bcd2ae
                                                                                                          0x02bcd2b1
                                                                                                          0x02bcd2b5
                                                                                                          0x02bcd2ba
                                                                                                          0x02bcd2c2
                                                                                                          0x02bcd2ca
                                                                                                          0x02bcd2d5
                                                                                                          0x02bcd2e0
                                                                                                          0x02bcd2eb
                                                                                                          0x02bcd2f3
                                                                                                          0x02bcd2fb
                                                                                                          0x02bcd303
                                                                                                          0x02bcd308
                                                                                                          0x02bcd310
                                                                                                          0x02bcd318
                                                                                                          0x02bcd31d
                                                                                                          0x02bcd325
                                                                                                          0x02bcd330
                                                                                                          0x02bcd33b
                                                                                                          0x02bcd346
                                                                                                          0x02bcd353
                                                                                                          0x02bcd357
                                                                                                          0x02bcd35c
                                                                                                          0x02bcd361
                                                                                                          0x02bcd369
                                                                                                          0x02bcd371
                                                                                                          0x02bcd376
                                                                                                          0x02bcd37b
                                                                                                          0x02bcd383
                                                                                                          0x02bcd38b
                                                                                                          0x02bcd390
                                                                                                          0x02bcd398
                                                                                                          0x02bcd3a0
                                                                                                          0x02bcd3a5
                                                                                                          0x02bcd3ad
                                                                                                          0x02bcd3b5
                                                                                                          0x02bcd3bd
                                                                                                          0x02bcd3c8
                                                                                                          0x02bcd3d5
                                                                                                          0x02bcd3e0
                                                                                                          0x02bcd3e8
                                                                                                          0x02bcd3f6
                                                                                                          0x02bcd3fb
                                                                                                          0x02bcd401
                                                                                                          0x02bcd409
                                                                                                          0x02bcd411
                                                                                                          0x02bcd419
                                                                                                          0x02bcd421
                                                                                                          0x02bcd429
                                                                                                          0x02bcd431
                                                                                                          0x02bcd436
                                                                                                          0x02bcd43e
                                                                                                          0x02bcd446
                                                                                                          0x02bcd44e
                                                                                                          0x02bcd456
                                                                                                          0x02bcd45e
                                                                                                          0x02bcd466
                                                                                                          0x02bcd473
                                                                                                          0x02bcd47b
                                                                                                          0x02bcd47f
                                                                                                          0x02bcd487
                                                                                                          0x02bcd48f
                                                                                                          0x02bcd494
                                                                                                          0x02bcd49c
                                                                                                          0x02bcd4a4
                                                                                                          0x02bcd4ac
                                                                                                          0x02bcd4b4
                                                                                                          0x02bcd4bc
                                                                                                          0x02bcd4c4
                                                                                                          0x02bcd4cc
                                                                                                          0x02bcd4d4
                                                                                                          0x02bcd4dc
                                                                                                          0x02bcd4e1
                                                                                                          0x02bcd4e9
                                                                                                          0x02bcd4f4
                                                                                                          0x02bcd4fc
                                                                                                          0x02bcd507
                                                                                                          0x02bcd50f
                                                                                                          0x02bcd51c
                                                                                                          0x02bcd524
                                                                                                          0x02bcd52c
                                                                                                          0x02bcd53a
                                                                                                          0x02bcd541
                                                                                                          0x02bcd545
                                                                                                          0x02bcd54d
                                                                                                          0x02bcd555
                                                                                                          0x02bcd55d
                                                                                                          0x02bcd565
                                                                                                          0x02bcd56d
                                                                                                          0x02bcd575
                                                                                                          0x02bcd57d
                                                                                                          0x02bcd585
                                                                                                          0x02bcd58d
                                                                                                          0x02bcd597
                                                                                                          0x02bcd59b
                                                                                                          0x02bcd5a3
                                                                                                          0x02bcd5ab
                                                                                                          0x02bcd5b3
                                                                                                          0x02bcd5b7
                                                                                                          0x02bcd5bf
                                                                                                          0x02bcd5c7
                                                                                                          0x02bcd5d2
                                                                                                          0x02bcd5dd
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5ed
                                                                                                          0x02bcd5ed
                                                                                                          0x02bcd5ed
                                                                                                          0x02bcd5ed
                                                                                                          0x02bcd5f3
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bcd5f9
                                                                                                          0x02bcd716
                                                                                                          0x02bcd726
                                                                                                          0x02bcd742
                                                                                                          0x02bcd76a
                                                                                                          0x02bcd76f
                                                                                                          0x02bcd774
                                                                                                          0x02bcd785
                                                                                                          0x02bcd785
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x00000000
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd776
                                                                                                          0x02bcd776
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x00000000
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5ff
                                                                                                          0x02bcd605
                                                                                                          0x02bcd6dd
                                                                                                          0x02bcd6ed
                                                                                                          0x02bcd6df
                                                                                                          0x02bcd6df
                                                                                                          0x02bcd6df
                                                                                                          0x02bcd6f2
                                                                                                          0x02bcd6fb
                                                                                                          0x02bcd700
                                                                                                          0x00000000
                                                                                                          0x02bcd60b
                                                                                                          0x02bcd611
                                                                                                          0x02bcd691
                                                                                                          0x02bcd69a
                                                                                                          0x02bcd69d
                                                                                                          0x02bcd6a0
                                                                                                          0x02bcd6a3
                                                                                                          0x02bcd6a8
                                                                                                          0x02bcd6ad
                                                                                                          0x02bcd6ad
                                                                                                          0x02bcd6b0
                                                                                                          0x02bcd6b8
                                                                                                          0x02bcd8c4
                                                                                                          0x02bcd8ca
                                                                                                          0x02bcd6be
                                                                                                          0x02bcd6be
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x00000000
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd613
                                                                                                          0x02bcd619
                                                                                                          0x02bcd677
                                                                                                          0x02bcd67c
                                                                                                          0x02bcd681
                                                                                                          0x02bcd687
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x00000000
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd61b
                                                                                                          0x02bcd621
                                                                                                          0x00000000
                                                                                                          0x02bcd627
                                                                                                          0x02bcd647
                                                                                                          0x02bcd653
                                                                                                          0x02bcd649
                                                                                                          0x02bcd64b
                                                                                                          0x02bcd650
                                                                                                          0x02bcd650
                                                                                                          0x02bcd658
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x00000000
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd5e8
                                                                                                          0x02bcd621
                                                                                                          0x02bcd619
                                                                                                          0x02bcd611
                                                                                                          0x02bcd605
                                                                                                          0x02bcd8d1
                                                                                                          0x02bcd8da
                                                                                                          0x02bcd8da
                                                                                                          0x02bcd795
                                                                                                          0x02bcd87f
                                                                                                          0x02bcd887
                                                                                                          0x02bcd890
                                                                                                          0x02bcd897
                                                                                                          0x02bcd89c
                                                                                                          0x02bcd8a3
                                                                                                          0x02bcd8aa
                                                                                                          0x00000000
                                                                                                          0x02bcd79b
                                                                                                          0x02bcd7a1
                                                                                                          0x02bcd864
                                                                                                          0x00000000
                                                                                                          0x02bcd7a7
                                                                                                          0x02bcd7ad
                                                                                                          0x02bcd817
                                                                                                          0x02bcd82a
                                                                                                          0x02bcd845
                                                                                                          0x02bcd84a
                                                                                                          0x02bcd84d
                                                                                                          0x02bcd8b1
                                                                                                          0x02bcd8b1
                                                                                                          0x00000000
                                                                                                          0x02bcd7af
                                                                                                          0x02bcd7b1
                                                                                                          0x00000000
                                                                                                          0x02bcd7b7
                                                                                                          0x02bcd7ca
                                                                                                          0x02bcd7cb
                                                                                                          0x02bcd7d0
                                                                                                          0x02bcd7dc
                                                                                                          0x02bcd7dd
                                                                                                          0x02bcd7de
                                                                                                          0x02bcd7ee
                                                                                                          0x02bcd7ef
                                                                                                          0x02bcd7f4
                                                                                                          0x02bcd7f7
                                                                                                          0x00000000
                                                                                                          0x02bcd7f7
                                                                                                          0x02bcd7b1
                                                                                                          0x02bcd7ad
                                                                                                          0x02bcd7a1
                                                                                                          0x00000000
                                                                                                          0x02bcd8b6
                                                                                                          0x02bcd8b6
                                                                                                          0x00000000
                                                                                                          0x02bcd8c2

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: -c$0^$8M$>g$aSa$ju~$}9$}9$<9$C:$yT$yT
                                                                                                          • API String ID: 0-111235429
                                                                                                          • Opcode ID: f98f49adee360ad18652d4ad30ea3ec95330cb961874ec1f455cf027e2c5cd38
                                                                                                          • Instruction ID: d33520a62fa14879b0c4ff8e15a2b43cdb514b48eca865ecd68764b290fe472d
                                                                                                          • Opcode Fuzzy Hash: f98f49adee360ad18652d4ad30ea3ec95330cb961874ec1f455cf027e2c5cd38
                                                                                                          • Instruction Fuzzy Hash: 330250751083809FD369CF25C489A6BBBE1FBC4348F60892DE6DA86260D7B1C949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB57B8, Relevance: 14.4, Strings: 11, Instructions: 616COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 724 2bb57b8-2bb6307 call 2bcfe29 727 2bb6312 724->727 728 2bb6317 727->728 729 2bb631c-2bb6322 728->729 730 2bb6578-2bb657e 729->730 731 2bb6328 729->731 732 2bb668f-2bb66b7 call 2bd12c1 730->732 733 2bb6584-2bb658a 730->733 734 2bb648f-2bb6569 call 2bce1f8 * 2 call 2bb738a call 2bcfecb * 2 731->734 735 2bb632e-2bb6330 731->735 751 2bb66bc-2bb66cb 732->751 737 2bb6641-2bb668a call 2bbc5d8 733->737 738 2bb6590-2bb6596 733->738 785 2bb656e-2bb6573 734->785 739 2bb641d-2bb648a call 2bb1bc9 735->739 740 2bb6336-2bb6338 735->740 737->729 744 2bb659c-2bb65a2 738->744 745 2bb6637-2bb663c 738->745 739->728 746 2bb66de-2bb66fd call 2bbf7fe 740->746 747 2bb633e-2bb6340 740->747 753 2bb65a8-2bb6632 call 2bce1f8 call 2bbf288 call 2bcfecb 744->753 754 2bb66d0-2bb66d6 744->754 745->729 767 2bb66fe-2bb670a 746->767 755 2bb63d0-2bb641b call 2bb22c9 747->755 756 2bb6346-2bb634c 747->756 751->754 753->785 754->729 760 2bb66dc 754->760 772 2bb63a3-2bb63a7 755->772 762 2bb634e-2bb6350 756->762 763 2bb63ac-2bb63ce call 2bd2b09 756->763 760->767 762->754 769 2bb6356-2bb63a0 call 2bccbe9 762->769 763->772 769->772 772->727 785->751
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02BB57B8(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v8;
				void _v12;
				void _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				intOrPtr _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				void* _t657;
				intOrPtr _t715;
				void* _t716;
				void* _t717;
				void* _t725;
				void* _t729;
				void* _t737;
				void* _t740;
				intOrPtr _t746;
				void* _t798;
				void* _t814;
				signed int _t816;
				signed int _t817;
				signed int _t818;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				void* _t829;
				void* _t832;
				void* _t833;
				void* _t834;
				void* _t840;

				_push(_a24);
				_t746 = __edx;
				_push(_a20);
				_v224 = __edx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(0x20);
				E02BCFE29(_t657);
				_v108 = 0x7f0a1;
				_t834 = _t833 + 0x20;
				_t832 = 0;
				_t740 = 0xa8b367c;
				_t816 = 0x72;
				_v108 = _v108 / _t816;
				_v108 = _v108 ^ 0x000011d4;
				_v220 = 0x3ea28;
				_v220 = _v220 | 0x6e60dce4;
				_v220 = _v220 << 0xd;
				_v220 = _v220 ^ 0x7fdd8000;
				_v272 = 0xf906dc;
				_v272 = _v272 + 0x5e9;
				_t817 = 0x7a;
				_v272 = _v272 * 0x15;
				_v272 = _v272 << 0xb;
				_v272 = _v272 ^ 0x70614800;
				_v264 = 0x600b37;
				_v264 = _v264 / _t817;
				_v264 = _v264 ^ 0x262493f0;
				_t818 = 0x3e;
				_v264 = _v264 * 0x11;
				_v264 = _v264 ^ 0x886a01f8;
				_v260 = 0xf3d497;
				_v260 = _v260 / _t818;
				_v260 = _v260 >> 6;
				_v260 = _v260 >> 3;
				_v260 = _v260 ^ 0x000001f7;
				_v156 = 0x8d2235;
				_v156 = _v156 >> 0xe;
				_t819 = 0xe;
				_v156 = _v156 * 0x5b;
				_v156 = _v156 ^ 0x0000c87c;
				_v292 = 0xf4d;
				_v292 = _v292 + 0x4732;
				_v292 = _v292 << 0x10;
				_v292 = _v292 << 0xe;
				_v292 = _v292 ^ 0xc0000000;
				_v216 = 0x258eaf;
				_v216 = _v216 * 0x48;
				_v216 = _v216 / _t819;
				_v216 = _v216 ^ 0x00c126f1;
				_v96 = 0xf75e54;
				_v96 = _v96 + 0xffff74b2;
				_v96 = _v96 ^ 0x00f6d306;
				_v268 = 0x92da;
				_v268 = _v268 >> 0xc;
				_v268 = _v268 + 0x1646;
				_v268 = _v268 << 0xd;
				_v268 = _v268 ^ 0x02c9e000;
				_v196 = 0xf0429c;
				_t820 = 0x3d;
				_v196 = _v196 * 0x60;
				_v196 = _v196 >> 3;
				_v196 = _v196 ^ 0x0b431f50;
				_v232 = 0x6bfae5;
				_v232 = _v232 / _t820;
				_v232 = _v232 >> 4;
				_v232 = _v232 * 0x6e;
				_v232 = _v232 ^ 0x000c2b3c;
				_v40 = 0xa24143;
				_v40 = _v40 + 0xffff9191;
				_v40 = _v40 ^ 0x00a231cd;
				_v80 = 0x435983;
				_v80 = _v80 >> 0x10;
				_v80 = _v80 ^ 0x000556e3;
				_v180 = 0x94eafd;
				_v180 = _v180 + 0x1d08;
				_v180 = _v180 | 0xe944a694;
				_v180 = _v180 ^ 0xe9df3ebb;
				_v228 = 0xbcce84;
				_v228 = _v228 + 0xffff815d;
				_v228 = _v228 ^ 0xe4fbb881;
				_v228 = _v228 >> 0xe;
				_v228 = _v228 ^ 0x0005fd7e;
				_v112 = 0x2fdad;
				_v112 = _v112 ^ 0x4ab81af1;
				_v112 = _v112 ^ 0x4abb9e1a;
				_v64 = 0x50dc85;
				_v64 = _v64 + 0xffff4d8c;
				_v64 = _v64 ^ 0x005cdb40;
				_v52 = 0x47f34d;
				_v52 = _v52 + 0xffff898a;
				_v52 = _v52 ^ 0x004c7feb;
				_v72 = 0xc369b0;
				_v72 = _v72 * 0x64;
				_v72 = _v72 ^ 0x4c5d6799;
				_v132 = 0xe6e6b0;
				_v132 = _v132 >> 0xb;
				_v132 = _v132 * 0x6c;
				_v132 = _v132 ^ 0x00059f00;
				_v172 = 0x544ea4;
				_v172 = _v172 << 5;
				_v172 = _v172 | 0xc018668b;
				_v172 = _v172 ^ 0xca962b34;
				_v148 = 0x61f17d;
				_v148 = _v148 >> 0xc;
				_v148 = _v148 + 0xffff8980;
				_v148 = _v148 ^ 0xfffa8c30;
				_v100 = 0xf619bc;
				_v100 = _v100 >> 0xa;
				_v100 = _v100 ^ 0x00008a95;
				_v200 = 0xa94e7a;
				_v200 = _v200 + 0xa696;
				_v200 = _v200 + 0xffff4550;
				_v200 = _v200 ^ 0x00a03757;
				_v208 = 0x57e0ef;
				_v208 = _v208 ^ 0x592bbff9;
				_v208 = _v208 ^ 0x4b5d2b88;
				_v208 = _v208 ^ 0x1221726f;
				_v284 = 0x804076;
				_v284 = _v284 ^ 0x9dc3529f;
				_v284 = _v284 + 0x2ad8;
				_v284 = _v284 << 7;
				_v284 = _v284 ^ 0xa19e17b3;
				_v176 = 0xb506b1;
				_v176 = _v176 | 0xc528794d;
				_v176 = _v176 + 0x810e;
				_v176 = _v176 ^ 0xc5bbfa9c;
				_v184 = 0x64408f;
				_v184 = _v184 << 3;
				_v184 = _v184 >> 0xf;
				_v184 = _v184 ^ 0x00066ce1;
				_v252 = 0x9e8dfe;
				_v252 = _v252 | 0x2316ff28;
				_v252 = _v252 + 0xbb4b;
				_v252 = _v252 ^ 0x205df49d;
				_v252 = _v252 ^ 0x03c75996;
				_v192 = 0x20a385;
				_v192 = _v192 ^ 0x2edbbce0;
				_v192 = _v192 >> 5;
				_v192 = _v192 ^ 0x017066cd;
				_v312 = 0x989161;
				_v312 = _v312 + 0xa008;
				_v312 = _v312 + 0x4ac;
				_v312 = _v312 | 0x9f8d4417;
				_v312 = _v312 ^ 0x9f9ed397;
				_v320 = 0x6ba986;
				_t821 = 0x4d;
				_v320 = _v320 * 0x35;
				_v320 = _v320 + 0x6b8c;
				_v320 = _v320 + 0x347b;
				_v320 = _v320 ^ 0x164ad328;
				_v236 = 0xcaa528;
				_v236 = _v236 + 0x2035;
				_v236 = _v236 | 0x7bffa27f;
				_v236 = _v236 ^ 0x7bfdb1d6;
				_v276 = 0xb040eb;
				_v276 = _v276 * 0x3a;
				_v276 = _v276 >> 2;
				_v276 = _v276 >> 0xb;
				_v276 = _v276 ^ 0x00065548;
				_v280 = 0xf1680b;
				_v280 = _v280 >> 0xa;
				_v280 = _v280 >> 1;
				_v280 = _v280 >> 0xd;
				_v280 = _v280 ^ 0x00049c20;
				_v288 = 0x575f50;
				_v288 = _v288 << 0xe;
				_v288 = _v288 | 0xa77b0e2e;
				_v288 = _v288 * 0x52;
				_v288 = _v288 ^ 0x6fbbe03a;
				_v296 = 0x568d1e;
				_v296 = _v296 >> 0xb;
				_v296 = _v296 >> 6;
				_v296 = _v296 >> 9;
				_v296 = _v296 ^ 0x0008fa1d;
				_v304 = 0xd1fef6;
				_v304 = _v304 << 0x10;
				_v304 = _v304 * 0x2d;
				_v304 = _v304 << 9;
				_v304 = _v304 ^ 0x7c01ef7f;
				_v92 = 0xea5a63;
				_v92 = _v92 << 0xd;
				_v92 = _v92 ^ 0x4b4e4928;
				_v76 = 0xf64e35;
				_v76 = _v76 + 0xbf9b;
				_v76 = _v76 ^ 0x00fbc5d2;
				_v248 = 0xc75c6;
				_v248 = _v248 ^ 0x54d7d0af;
				_v248 = _v248 / _t821;
				_v248 = _v248 | 0x9c98695d;
				_v248 = _v248 ^ 0x9d9ac3a5;
				_v256 = 0x504a74;
				_v256 = _v256 | 0x8719e45c;
				_v256 = _v256 * 0x7b;
				_v256 = _v256 ^ 0x8d2796a4;
				_v256 = _v256 ^ 0x85162cc6;
				_v84 = 0x519e4e;
				_v84 = _v84 ^ 0x8be7953d;
				_v84 = _v84 ^ 0x8bbbe938;
				_v168 = 0x311266;
				_v168 = _v168 ^ 0x18ab2cb8;
				_v168 = _v168 << 9;
				_v168 = _v168 ^ 0x3478f01c;
				_v60 = 0x61fbf7;
				_v60 = _v60 >> 0x10;
				_v60 = _v60 ^ 0x000e504b;
				_v240 = 0xf8ae17;
				_v240 = _v240 >> 3;
				_v240 = _v240 | 0x050ada64;
				_v240 = _v240 ^ 0x567c7cbc;
				_v240 = _v240 ^ 0x53659cbf;
				_v68 = 0xee6d4a;
				_t374 =  &_v68; // 0xee6d4a
				_t822 = 0x49;
				_v68 =  *_t374 * 0xf;
				_v68 = _v68 ^ 0x0dff5dbc;
				_v300 = 0x550c32;
				_v300 = _v300 * 0x12;
				_v300 = _v300 + 0xffff8d7f;
				_v300 = _v300 << 1;
				_v300 = _v300 ^ 0x0bfb5da9;
				_v124 = 0x6baac1;
				_v124 = _v124 * 0x60;
				_t823 = 0x6f;
				_v124 = _v124 / _t822;
				_v124 = _v124 ^ 0x0084cf47;
				_v188 = 0xec1707;
				_v188 = _v188 << 0xc;
				_v188 = _v188 + 0x1505;
				_v188 = _v188 ^ 0xc1795754;
				_v244 = 0xd962f7;
				_v244 = _v244 + 0xffffa966;
				_v244 = _v244 | 0x93df07c8;
				_v244 = _v244 >> 1;
				_v244 = _v244 ^ 0x49e87f80;
				_v48 = 0x35494e;
				_v48 = _v48 / _t823;
				_v48 = _v48 ^ 0x000830fa;
				_v88 = 0x633bdd;
				_v88 = _v88 + 0xc138;
				_v88 = _v88 ^ 0x006a2257;
				_v56 = 0x559d1c;
				_v56 = _v56 + 0xffff12d8;
				_v56 = _v56 ^ 0x005735ca;
				_v104 = 0xdd1aac;
				_v104 = _v104 << 4;
				_v104 = _v104 ^ 0x0dd90d21;
				_v44 = 0x4278da;
				_t824 = 0x4e;
				_v44 = _v44 * 0x42;
				_v44 = _v44 ^ 0x112c636d;
				_v116 = 0x4ec2e;
				_v116 = _v116 + 0xffff43d8;
				_v116 = _v116 ^ 0x00065017;
				_v308 = 0xc5e4c2;
				_v308 = _v308 * 0x26;
				_v308 = _v308 + 0xa26d;
				_v308 = _v308 << 0xe;
				_v308 = _v308 ^ 0x25c4a583;
				_v36 = 0x60fc2;
				_v36 = _v36 * 0x2e;
				_v36 = _v36 ^ 0x011987ae;
				_v140 = 0x8a5839;
				_v140 = _v140 << 0xb;
				_v140 = _v140 / _t824;
				_v140 = _v140 ^ 0x010a1534;
				_t814 = 0x30e419;
				_v204 = 0x180842;
				_v204 = _v204 ^ 0x577ac785;
				_v204 = _v204 + 0x1256;
				_v204 = _v204 ^ 0x5761cb73;
				_v136 = 0xcc77c3;
				_v136 = _v136 | 0x2e5c8e9b;
				_t825 = 0x3c;
				_v12 = 0xc2dfee2;
				_v16 = 0x8d06406;
				_v136 = _v136 * 0x19;
				_v136 = _v136 ^ 0x93985978;
				_v144 = 0xcb98e2;
				_v144 = _v144 ^ 0x2e2af391;
				_v144 = _v144 + 0xffff95d2;
				_v144 = _v144 ^ 0x2ee989ff;
				_v152 = 0x6e8dcb;
				_v152 = _v152 * 0x64;
				_v152 = _v152 ^ 0xf6de88b0;
				_v152 = _v152 ^ 0xddf9340f;
				_v160 = 0x1f41c3;
				_v160 = _v160 / _t825;
				_v160 = _v160 ^ 0x710c49d1;
				_v160 = _v160 ^ 0x7106b0fc;
				_v164 = 0xea0060;
				_v164 = _v164 << 2;
				_t826 = 0x54;
				_v164 = _v164 * 0x51;
				_v164 = _v164 ^ 0x2820691f;
				_v212 = 0x1a562c;
				_v212 = _v212 + 0xffff6884;
				_v212 = _v212 / _t826;
				_v212 = _v212 ^ 0x000ca439;
				_v316 = 0xc049a;
				_t827 = 0x4a;
				_v316 = _v316 / _t827;
				_v316 = _v316 >> 0xd;
				_v316 = _v316 >> 0xc;
				_v316 = _v316 ^ 0x000978cf;
				_v120 = 0xbc159f;
				_t828 = 0x75;
				_v120 = _v120 * 0x6f;
				_t829 = 0x3acf932;
				_v120 = _v120 / _t828;
				_v120 = _v120 ^ 0x00bb77de;
				_v128 = 0x83c7e3;
				_v128 = _v128 ^ 0x1c1c3aef;
				_v128 = _v128 ^ 0x03a71d14;
				_v128 = _v128 ^ 0x1f3d9b10;
				while(1) {
					L1:
					while(1) {
						do {
							while(1) {
								L3:
								_t840 = _t740 - 0x6051746;
								if(_t840 <= 0) {
									break;
								}
								__eflags = _t740 - 0x644521d;
								if(_t740 == 0x644521d) {
									E02BD12C1(_v32, _v136, _v144, _v152, _v160);
									_t740 = 0x4160ee8;
									goto L25;
								} else {
									__eflags = _t740 - 0x8d06406;
									if(_t740 == 0x8d06406) {
										_push(_t746);
										_push(_t746);
										_t715 = E02BBC5D8(_v20);
										_t746 = _v224;
										_t834 = _t834 + 0xc;
										__eflags = _t715;
										_v24 = _t715;
										_t798 = 0x26ffc0;
										_t740 =  !=  ? 0x26ffc0 : _t814;
										_t716 = 0x5dc2900;
										continue;
									} else {
										__eflags = _t740 - 0xa8b367c;
										if(__eflags == 0) {
											_t740 = 0x6051746;
											continue;
										} else {
											__eflags = _t740 - 0xc2dfee2;
											if(__eflags == 0) {
												_push(_v276);
												_push(_v236);
												_push(_v320);
												_t737 = E02BBF288(_v272, _v280, E02BCE1F8(0x2bb13f8, _v312, __eflags), _v288,  &_v8,  &_v20, _v296, 0x2bb13f8, _v304, _v28, _v92);
												_t834 = _t834 + 0x30;
												__eflags = _t737 - _v264;
												_t740 =  ==  ? _v16 : _t814;
												E02BCFECB(_t734, _v76, _v248, _v256, _v84);
												L16:
												_t829 = 0x3acf932;
												L25:
												_t746 = _v224;
												_t834 = _t834 + 0xc;
												_t798 = 0x26ffc0;
											}
											goto L26;
										}
									}
								}
								L29:
								return _t832;
							}
							if(_t840 == 0) {
								_push(_v228);
								_push(_v180);
								_push(_v80);
								_t717 = E02BCE1F8(0x2bb13a8, _v40, __eflags);
								_push(_v72);
								_push(_v52);
								_push(_v64);
								__eflags = E02BB738A(_v132, _t717, _v172, _v108,  &_v28, E02BCE1F8(0x2bb1318, _v112, __eflags), _v148) - _v220;
								_t740 =  ==  ? _v12 : 0x1841daf;
								E02BCFECB(_t717, _v100, _v200, _v208, _v284);
								_t834 = _t834 + 0x38;
								E02BCFECB(_t718, _v176, _v184, _v252, _v192);
								_t814 = 0x30e419;
								goto L16;
							} else {
								if(_t740 == _t798) {
									_t725 = E02BB1BC9(_v260, _v28, _v300, _v124, _v20, _v188, _v244, _v156, _v24,  &_v32, _v48, _v88);
									_t834 = _t834 + 0x2c;
									__eflags = _t725 - _v292;
									_t746 = _v224;
									_t716 = 0x5dc2900;
									_t740 =  ==  ? 0x5dc2900 : 0x4160ee8;
									goto L3;
								} else {
									if(_t740 == _t814) {
										E02BBF7FE(_v120, _v28, _v128, _v232);
									} else {
										if(_t740 == _t829) {
											_t729 = E02BB22C9(_v308, _v36, _v32, 0x20, _a20, _v140, _v204, _v268);
											_t834 = _t834 + 0x18;
											_t740 = 0x644521d;
											__eflags = _t729 - _v196;
											_t832 =  ==  ? 1 : _t832;
											goto L11;
										} else {
											if(_t740 == 0x4160ee8) {
												E02BD2B09(_v164, _v24, _v212, _v316);
												_t740 = _t814;
												goto L11;
											} else {
												if(_t740 != _t716) {
													goto L26;
												} else {
													E02BCCBE9(_v216, _a12, _v56, _t746, _v104, _v44, _v116, _v32);
													_t834 = _t834 + 0x18;
													_t740 =  ==  ? _t829 : 0x644521d;
													L11:
													_t746 = _v224;
													goto L1;
												}
											}
										}
									}
								}
							}
							goto L29;
							L26:
							__eflags = _t740 - 0x1841daf;
						} while (__eflags != 0);
						goto L29;
					}
				}
			}















































































































                                                                                                          0x02bb57c2
                                                                                                          0x02bb57c9
                                                                                                          0x02bb57cb
                                                                                                          0x02bb57d2
                                                                                                          0x02bb57d6
                                                                                                          0x02bb57dd
                                                                                                          0x02bb57e4
                                                                                                          0x02bb57eb
                                                                                                          0x02bb57f2
                                                                                                          0x02bb57f3
                                                                                                          0x02bb57f5
                                                                                                          0x02bb57fa
                                                                                                          0x02bb5805
                                                                                                          0x02bb5811
                                                                                                          0x02bb5813
                                                                                                          0x02bb581a
                                                                                                          0x02bb581f
                                                                                                          0x02bb5828
                                                                                                          0x02bb5833
                                                                                                          0x02bb583b
                                                                                                          0x02bb5843
                                                                                                          0x02bb5848
                                                                                                          0x02bb5850
                                                                                                          0x02bb5858
                                                                                                          0x02bb5865
                                                                                                          0x02bb5868
                                                                                                          0x02bb586c
                                                                                                          0x02bb5871
                                                                                                          0x02bb5879
                                                                                                          0x02bb5889
                                                                                                          0x02bb588d
                                                                                                          0x02bb589a
                                                                                                          0x02bb589d
                                                                                                          0x02bb58a1
                                                                                                          0x02bb58a9
                                                                                                          0x02bb58b9
                                                                                                          0x02bb58bd
                                                                                                          0x02bb58c2
                                                                                                          0x02bb58c7
                                                                                                          0x02bb58cf
                                                                                                          0x02bb58da
                                                                                                          0x02bb58ea
                                                                                                          0x02bb58eb
                                                                                                          0x02bb58f2
                                                                                                          0x02bb58fd
                                                                                                          0x02bb5905
                                                                                                          0x02bb590d
                                                                                                          0x02bb5912
                                                                                                          0x02bb5917
                                                                                                          0x02bb591f
                                                                                                          0x02bb592c
                                                                                                          0x02bb5936
                                                                                                          0x02bb593a
                                                                                                          0x02bb5942
                                                                                                          0x02bb594d
                                                                                                          0x02bb5958
                                                                                                          0x02bb5963
                                                                                                          0x02bb596b
                                                                                                          0x02bb5972
                                                                                                          0x02bb597a
                                                                                                          0x02bb597f
                                                                                                          0x02bb5987
                                                                                                          0x02bb599c
                                                                                                          0x02bb599d
                                                                                                          0x02bb59a4
                                                                                                          0x02bb59ac
                                                                                                          0x02bb59b7
                                                                                                          0x02bb59c5
                                                                                                          0x02bb59c9
                                                                                                          0x02bb59d3
                                                                                                          0x02bb59d7
                                                                                                          0x02bb59df
                                                                                                          0x02bb59ea
                                                                                                          0x02bb59f5
                                                                                                          0x02bb5a00
                                                                                                          0x02bb5a0b
                                                                                                          0x02bb5a13
                                                                                                          0x02bb5a1e
                                                                                                          0x02bb5a29
                                                                                                          0x02bb5a34
                                                                                                          0x02bb5a3f
                                                                                                          0x02bb5a4a
                                                                                                          0x02bb5a52
                                                                                                          0x02bb5a5a
                                                                                                          0x02bb5a62
                                                                                                          0x02bb5a67
                                                                                                          0x02bb5a6f
                                                                                                          0x02bb5a7a
                                                                                                          0x02bb5a85
                                                                                                          0x02bb5a90
                                                                                                          0x02bb5a9b
                                                                                                          0x02bb5aa6
                                                                                                          0x02bb5ab1
                                                                                                          0x02bb5abc
                                                                                                          0x02bb5ac7
                                                                                                          0x02bb5ad2
                                                                                                          0x02bb5ae5
                                                                                                          0x02bb5aec
                                                                                                          0x02bb5af7
                                                                                                          0x02bb5b02
                                                                                                          0x02bb5b12
                                                                                                          0x02bb5b19
                                                                                                          0x02bb5b24
                                                                                                          0x02bb5b2f
                                                                                                          0x02bb5b37
                                                                                                          0x02bb5b42
                                                                                                          0x02bb5b4d
                                                                                                          0x02bb5b58
                                                                                                          0x02bb5b60
                                                                                                          0x02bb5b6b
                                                                                                          0x02bb5b76
                                                                                                          0x02bb5b81
                                                                                                          0x02bb5b89
                                                                                                          0x02bb5b94
                                                                                                          0x02bb5b9f
                                                                                                          0x02bb5baa
                                                                                                          0x02bb5bb5
                                                                                                          0x02bb5bc0
                                                                                                          0x02bb5bcb
                                                                                                          0x02bb5bd6
                                                                                                          0x02bb5be1
                                                                                                          0x02bb5bec
                                                                                                          0x02bb5bf4
                                                                                                          0x02bb5bfc
                                                                                                          0x02bb5c04
                                                                                                          0x02bb5c09
                                                                                                          0x02bb5c11
                                                                                                          0x02bb5c1c
                                                                                                          0x02bb5c27
                                                                                                          0x02bb5c32
                                                                                                          0x02bb5c3d
                                                                                                          0x02bb5c4a
                                                                                                          0x02bb5c52
                                                                                                          0x02bb5c5a
                                                                                                          0x02bb5c65
                                                                                                          0x02bb5c6d
                                                                                                          0x02bb5c75
                                                                                                          0x02bb5c7d
                                                                                                          0x02bb5c85
                                                                                                          0x02bb5c8d
                                                                                                          0x02bb5c98
                                                                                                          0x02bb5ca3
                                                                                                          0x02bb5cab
                                                                                                          0x02bb5cb6
                                                                                                          0x02bb5cbe
                                                                                                          0x02bb5cc6
                                                                                                          0x02bb5cce
                                                                                                          0x02bb5cd6
                                                                                                          0x02bb5cde
                                                                                                          0x02bb5ced
                                                                                                          0x02bb5cee
                                                                                                          0x02bb5cf2
                                                                                                          0x02bb5cfa
                                                                                                          0x02bb5d02
                                                                                                          0x02bb5d0a
                                                                                                          0x02bb5d12
                                                                                                          0x02bb5d1a
                                                                                                          0x02bb5d22
                                                                                                          0x02bb5d2a
                                                                                                          0x02bb5d37
                                                                                                          0x02bb5d3b
                                                                                                          0x02bb5d40
                                                                                                          0x02bb5d45
                                                                                                          0x02bb5d4d
                                                                                                          0x02bb5d55
                                                                                                          0x02bb5d5a
                                                                                                          0x02bb5d5e
                                                                                                          0x02bb5d63
                                                                                                          0x02bb5d6b
                                                                                                          0x02bb5d73
                                                                                                          0x02bb5d78
                                                                                                          0x02bb5d85
                                                                                                          0x02bb5d89
                                                                                                          0x02bb5d91
                                                                                                          0x02bb5d99
                                                                                                          0x02bb5d9e
                                                                                                          0x02bb5da3
                                                                                                          0x02bb5da8
                                                                                                          0x02bb5db0
                                                                                                          0x02bb5db8
                                                                                                          0x02bb5dc2
                                                                                                          0x02bb5dc6
                                                                                                          0x02bb5dcb
                                                                                                          0x02bb5dd3
                                                                                                          0x02bb5dde
                                                                                                          0x02bb5de6
                                                                                                          0x02bb5df1
                                                                                                          0x02bb5dfc
                                                                                                          0x02bb5e07
                                                                                                          0x02bb5e12
                                                                                                          0x02bb5e1a
                                                                                                          0x02bb5e28
                                                                                                          0x02bb5e2c
                                                                                                          0x02bb5e34
                                                                                                          0x02bb5e3c
                                                                                                          0x02bb5e44
                                                                                                          0x02bb5e51
                                                                                                          0x02bb5e55
                                                                                                          0x02bb5e5d
                                                                                                          0x02bb5e65
                                                                                                          0x02bb5e70
                                                                                                          0x02bb5e7b
                                                                                                          0x02bb5e86
                                                                                                          0x02bb5e93
                                                                                                          0x02bb5e9e
                                                                                                          0x02bb5ea6
                                                                                                          0x02bb5eb1
                                                                                                          0x02bb5ebc
                                                                                                          0x02bb5ec4
                                                                                                          0x02bb5ecf
                                                                                                          0x02bb5ed7
                                                                                                          0x02bb5edc
                                                                                                          0x02bb5ee4
                                                                                                          0x02bb5eec
                                                                                                          0x02bb5ef4
                                                                                                          0x02bb5eff
                                                                                                          0x02bb5f09
                                                                                                          0x02bb5f0c
                                                                                                          0x02bb5f13
                                                                                                          0x02bb5f1e
                                                                                                          0x02bb5f2b
                                                                                                          0x02bb5f2f
                                                                                                          0x02bb5f37
                                                                                                          0x02bb5f3b
                                                                                                          0x02bb5f43
                                                                                                          0x02bb5f56
                                                                                                          0x02bb5f66
                                                                                                          0x02bb5f67
                                                                                                          0x02bb5f70
                                                                                                          0x02bb5f7b
                                                                                                          0x02bb5f86
                                                                                                          0x02bb5f8e
                                                                                                          0x02bb5f99
                                                                                                          0x02bb5fa4
                                                                                                          0x02bb5fac
                                                                                                          0x02bb5fb4
                                                                                                          0x02bb5fbc
                                                                                                          0x02bb5fc0
                                                                                                          0x02bb5fc8
                                                                                                          0x02bb5fde
                                                                                                          0x02bb5fe5
                                                                                                          0x02bb5ff0
                                                                                                          0x02bb5ffb
                                                                                                          0x02bb6006
                                                                                                          0x02bb6011
                                                                                                          0x02bb601c
                                                                                                          0x02bb6027
                                                                                                          0x02bb6032
                                                                                                          0x02bb603d
                                                                                                          0x02bb6045
                                                                                                          0x02bb6050
                                                                                                          0x02bb6063
                                                                                                          0x02bb6064
                                                                                                          0x02bb606b
                                                                                                          0x02bb6076
                                                                                                          0x02bb6081
                                                                                                          0x02bb608c
                                                                                                          0x02bb6097
                                                                                                          0x02bb60a4
                                                                                                          0x02bb60a8
                                                                                                          0x02bb60b0
                                                                                                          0x02bb60b5
                                                                                                          0x02bb60bd
                                                                                                          0x02bb60d0
                                                                                                          0x02bb60d7
                                                                                                          0x02bb60e2
                                                                                                          0x02bb60ed
                                                                                                          0x02bb6102
                                                                                                          0x02bb610b
                                                                                                          0x02bb6116
                                                                                                          0x02bb611b
                                                                                                          0x02bb6126
                                                                                                          0x02bb6131
                                                                                                          0x02bb613c
                                                                                                          0x02bb6147
                                                                                                          0x02bb6152
                                                                                                          0x02bb6165
                                                                                                          0x02bb6168
                                                                                                          0x02bb6173
                                                                                                          0x02bb617e
                                                                                                          0x02bb6185
                                                                                                          0x02bb6190
                                                                                                          0x02bb619b
                                                                                                          0x02bb61a6
                                                                                                          0x02bb61b1
                                                                                                          0x02bb61bc
                                                                                                          0x02bb61cf
                                                                                                          0x02bb61d6
                                                                                                          0x02bb61e1
                                                                                                          0x02bb61ec
                                                                                                          0x02bb6202
                                                                                                          0x02bb6209
                                                                                                          0x02bb6214
                                                                                                          0x02bb621f
                                                                                                          0x02bb622a
                                                                                                          0x02bb623a
                                                                                                          0x02bb623d
                                                                                                          0x02bb6244
                                                                                                          0x02bb624f
                                                                                                          0x02bb625a
                                                                                                          0x02bb6270
                                                                                                          0x02bb6277
                                                                                                          0x02bb6282
                                                                                                          0x02bb628e
                                                                                                          0x02bb6293
                                                                                                          0x02bb6299
                                                                                                          0x02bb629e
                                                                                                          0x02bb62a3
                                                                                                          0x02bb62ab
                                                                                                          0x02bb62be
                                                                                                          0x02bb62bf
                                                                                                          0x02bb62cf
                                                                                                          0x02bb62d4
                                                                                                          0x02bb62db
                                                                                                          0x02bb62e6
                                                                                                          0x02bb62f1
                                                                                                          0x02bb62fc
                                                                                                          0x02bb6307
                                                                                                          0x02bb6312
                                                                                                          0x02bb6312
                                                                                                          0x02bb6317
                                                                                                          0x02bb631c
                                                                                                          0x02bb631c
                                                                                                          0x02bb631c
                                                                                                          0x02bb631c
                                                                                                          0x02bb6322
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb6578
                                                                                                          0x02bb657e
                                                                                                          0x02bb66b2
                                                                                                          0x02bb66b7
                                                                                                          0x00000000
                                                                                                          0x02bb6584
                                                                                                          0x02bb6584
                                                                                                          0x02bb658a
                                                                                                          0x02bb665a
                                                                                                          0x02bb665b
                                                                                                          0x02bb6663
                                                                                                          0x02bb6668
                                                                                                          0x02bb666f
                                                                                                          0x02bb6672
                                                                                                          0x02bb6674
                                                                                                          0x02bb667d
                                                                                                          0x02bb6682
                                                                                                          0x02bb6685
                                                                                                          0x00000000
                                                                                                          0x02bb6590
                                                                                                          0x02bb6590
                                                                                                          0x02bb6596
                                                                                                          0x02bb6637
                                                                                                          0x00000000
                                                                                                          0x02bb659c
                                                                                                          0x02bb659c
                                                                                                          0x02bb65a2
                                                                                                          0x02bb65a8
                                                                                                          0x02bb65b1
                                                                                                          0x02bb65b5
                                                                                                          0x02bb65fb
                                                                                                          0x02bb6600
                                                                                                          0x02bb660b
                                                                                                          0x02bb6616
                                                                                                          0x02bb662d
                                                                                                          0x02bb656e
                                                                                                          0x02bb656e
                                                                                                          0x02bb66bc
                                                                                                          0x02bb66bc
                                                                                                          0x02bb66c3
                                                                                                          0x02bb66cb
                                                                                                          0x02bb66cb
                                                                                                          0x00000000
                                                                                                          0x02bb65a2
                                                                                                          0x02bb6596
                                                                                                          0x02bb658a
                                                                                                          0x02bb6700
                                                                                                          0x02bb670a
                                                                                                          0x02bb670a
                                                                                                          0x02bb6328
                                                                                                          0x02bb648f
                                                                                                          0x02bb6498
                                                                                                          0x02bb649f
                                                                                                          0x02bb64ad
                                                                                                          0x02bb64bc
                                                                                                          0x02bb64c3
                                                                                                          0x02bb64ca
                                                                                                          0x02bb651c
                                                                                                          0x02bb6524
                                                                                                          0x02bb6541
                                                                                                          0x02bb6546
                                                                                                          0x02bb6564
                                                                                                          0x02bb6569
                                                                                                          0x00000000
                                                                                                          0x02bb632e
                                                                                                          0x02bb6330
                                                                                                          0x02bb6469
                                                                                                          0x02bb6470
                                                                                                          0x02bb647c
                                                                                                          0x02bb647e
                                                                                                          0x02bb6482
                                                                                                          0x02bb6487
                                                                                                          0x00000000
                                                                                                          0x02bb6336
                                                                                                          0x02bb6338
                                                                                                          0x02bb66f7
                                                                                                          0x02bb633e
                                                                                                          0x02bb6340
                                                                                                          0x02bb63fd
                                                                                                          0x02bb640e
                                                                                                          0x02bb6411
                                                                                                          0x02bb6416
                                                                                                          0x02bb6418
                                                                                                          0x00000000
                                                                                                          0x02bb6346
                                                                                                          0x02bb634c
                                                                                                          0x02bb63c5
                                                                                                          0x02bb63cc
                                                                                                          0x00000000
                                                                                                          0x02bb634e
                                                                                                          0x02bb6350
                                                                                                          0x00000000
                                                                                                          0x02bb6356
                                                                                                          0x02bb6388
                                                                                                          0x02bb638f
                                                                                                          0x02bb63a0
                                                                                                          0x02bb63a3
                                                                                                          0x02bb63a3
                                                                                                          0x00000000
                                                                                                          0x02bb63a3
                                                                                                          0x02bb6350
                                                                                                          0x02bb634c
                                                                                                          0x02bb6340
                                                                                                          0x02bb6338
                                                                                                          0x02bb6330
                                                                                                          0x00000000
                                                                                                          0x02bb66d0
                                                                                                          0x02bb66d0
                                                                                                          0x02bb66d0
                                                                                                          0x00000000
                                                                                                          0x02bb66dc
                                                                                                          0x02bb6317

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (INK$2G$5 $Jm$NI5$P_W$W"j$`$tJP${4$W
                                                                                                          • API String ID: 0-4122124823
                                                                                                          • Opcode ID: c80156f241ed8d73360d78f59691ae40ab710235d28af76355a261b3ccd04b6f
                                                                                                          • Instruction ID: 0f9921f6d758572d2882981bb0829e7ec2d1daca3ff7948b21489cf63694fa1a
                                                                                                          • Opcode Fuzzy Hash: c80156f241ed8d73360d78f59691ae40ab710235d28af76355a261b3ccd04b6f
                                                                                                          • Instruction Fuzzy Hash: 2872EE715093818FD779CF65C58AB9FBBE2BBC4304F108A1DE2DA86260D7B18959CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBD14C, Relevance: 14.1, Strings: 11, Instructions: 385COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 786 2bbd14c-2bbd7fc 787 2bbd807 786->787 788 2bbd80c-2bbd80e 787->788 789 2bbd80f-2bbd811 788->789 790 2bbd92e-2bbd934 789->790 791 2bbd817 789->791 794 2bbd93a-2bbd940 790->794 795 2bbda2d-2bbda6a call 2bb1a34 790->795 792 2bbda79-2bbda95 call 2bb3046 791->792 793 2bbd81d-2bbd823 791->793 816 2bbda98-2bbdaa9 792->816 796 2bbd89d-2bbd913 call 2bc7c4e 793->796 797 2bbd825-2bbd82b 793->797 799 2bbd9fe-2bbda21 call 2bce8b6 794->799 800 2bbd946-2bbd94c 794->800 807 2bbda6b-2bbda71 795->807 820 2bbd919-2bbd929 796->820 821 2bbd85d-2bbd85f 796->821 804 2bbd87a-2bbd886 797->804 805 2bbd82d-2bbd833 797->805 799->816 822 2bbda23-2bbda28 799->822 800->807 808 2bbd952-2bbd9f9 call 2bce1f8 call 2bb7078 call 2bbf96f call 2bcfecb 800->808 817 2bbd88b-2bbd88e 804->817 812 2bbd861-2bbd878 call 2bcb257 805->812 813 2bbd835-2bbd83b 805->813 807->789 814 2bbda77 807->814 808->787 812->788 813->807 823 2bbd841-2bbd85a call 2bb3046 813->823 814->816 818 2bbd888 817->818 819 2bbd890-2bbd898 817->819 818->817 819->789 820->788 821->788 822->788 823->821
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02BBD14C() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				void* _t429;
				intOrPtr _t432;
				intOrPtr _t436;
				signed int _t440;
				void* _t441;
				void* _t459;
				signed int _t468;
				intOrPtr _t469;
				intOrPtr* _t470;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				signed int _t476;
				signed int* _t477;
				void* _t480;

				_t477 =  &_v1756;
				_v1600 = 0x9247ff;
				_t441 = 0xcb67425;
				_v1600 = _v1600 + 0x9ce;
				_v1600 = _v1600 ^ 0x009251e4;
				_v1720 = 0x31cc78;
				_v1720 = _v1720 ^ 0xe44f8b4e;
				_v1720 = _v1720 | 0xfbe7febf;
				_v1720 = _v1720 ^ 0xfff0ff80;
				_v1612 = 0x6730db;
				_v1612 = _v1612 << 0xe;
				_v1612 = _v1612 ^ 0xcc36c002;
				_v1668 = 0x7fe6a4;
				_v1668 = _v1668 + 0xffff1494;
				_v1668 = _v1668 ^ 0x091c946b;
				_v1668 = _v1668 ^ 0x09626f51;
				_v1756 = 0x73e886;
				_v1756 = _v1756 | 0xafbdbbdf;
				_v1756 = _v1756 + 0xfe30;
				_v1756 = _v1756 ^ 0xb000fa0f;
				_v1604 = 0x468da6;
				_v1604 = _v1604 + 0xffffc3ca;
				_v1604 = _v1604 ^ 0x00465160;
				_v1592 = 0xd4519;
				_v1592 = _v1592 + 0x934d;
				_v1592 = _v1592 ^ 0x0004ddfc;
				_v1640 = 0x8a1a75;
				_v1640 = _v1640 + 0x87da;
				_v1640 = _v1640 + 0xaa53;
				_v1640 = _v1640 ^ 0x008e8924;
				_v1648 = 0xe80c10;
				_v1648 = _v1648 ^ 0x90af551f;
				_v1648 = _v1648 + 0x6d6d;
				_v1648 = _v1648 ^ 0x90403b69;
				_v1712 = 0x809df1;
				_v1712 = _v1712 << 2;
				_v1712 = _v1712 << 7;
				_v1576 = _v1576 & 0x00000000;
				_v1712 = _v1712 * 0x69;
				_v1712 = _v1712 ^ 0x81832f4f;
				_v1656 = 0xe952a2;
				_v1656 = _v1656 | 0x54fcc54b;
				_v1656 = _v1656 + 0xffff1739;
				_v1656 = _v1656 ^ 0x54fad21b;
				_v1700 = 0xbcdb1b;
				_v1700 = _v1700 + 0xdccd;
				_v1700 = _v1700 + 0xffffcf6f;
				_v1700 = _v1700 ^ 0x00b72c28;
				_v1628 = 0x5c7dad;
				_v1628 = _v1628 >> 5;
				_v1628 = _v1628 + 0x3d87;
				_v1628 = _v1628 ^ 0x000cf9b2;
				_v1660 = 0x2281c9;
				_v1660 = _v1660 * 0x49;
				_v1660 = _v1660 >> 5;
				_v1660 = _v1660 ^ 0x004fb411;
				_v1568 = 0xcd133d;
				_v1568 = _v1568 * 0x4e;
				_v1568 = _v1568 ^ 0x3e7dd872;
				_v1672 = 0x86c6ca;
				_v1672 = _v1672 * 0x5f;
				_v1672 = _v1672 + 0xffff3952;
				_v1672 = _v1672 ^ 0x3200c70e;
				_v1588 = 0x24e2cc;
				_v1588 = _v1588 | 0xcf150453;
				_v1588 = _v1588 ^ 0xcf3ce5d0;
				_v1572 = 0x6249a8;
				_v1572 = _v1572 << 6;
				_v1572 = _v1572 ^ 0x189f8b0c;
				_v1596 = 0x119a44;
				_v1596 = _v1596 >> 8;
				_v1596 = _v1596 ^ 0x000b5fad;
				_v1680 = 0xd16cc2;
				_v1680 = _v1680 ^ 0x4916a611;
				_v1680 = _v1680 >> 0xe;
				_v1680 = _v1680 ^ 0x00055714;
				_v1728 = 0x441d3d;
				_t471 = 0x35;
				_v1728 = _v1728 * 3;
				_v1728 = _v1728 << 3;
				_v1728 = _v1728 | 0x559f2c94;
				_v1728 = _v1728 ^ 0x57fdad3a;
				_v1564 = 0xb1e813;
				_v1564 = _v1564 >> 0xc;
				_v1564 = _v1564 ^ 0x0004104c;
				_v1736 = 0x70197f;
				_v1736 = _v1736 >> 0x10;
				_v1736 = _v1736 + 0xe51d;
				_v1736 = _v1736 * 0x61;
				_v1736 = _v1736 ^ 0x00557f63;
				_v1744 = 0x5ff0e3;
				_v1744 = _v1744 + 0xffff2d97;
				_v1744 = _v1744 + 0xffff9c65;
				_v1744 = _v1744 ^ 0xd07f01de;
				_v1744 = _v1744 ^ 0xd026cc62;
				_v1608 = 0x914f5e;
				_v1608 = _v1608 << 0xf;
				_v1608 = _v1608 ^ 0xa7adba7a;
				_v1664 = 0xe3376f;
				_v1664 = _v1664 >> 8;
				_v1664 = _v1664 << 4;
				_v1664 = _v1664 ^ 0x000bcae6;
				_v1616 = 0x54b2fb;
				_v1616 = _v1616 + 0xce1d;
				_v1616 = _v1616 ^ 0x005b3b7b;
				_v1644 = 0xe2ce3f;
				_v1644 = _v1644 + 0x16f2;
				_v1644 = _v1644 >> 0xd;
				_v1644 = _v1644 ^ 0x000e1e70;
				_v1752 = 0x7f4aca;
				_v1752 = _v1752 ^ 0x883f1d9d;
				_v1752 = _v1752 + 0x59a5;
				_v1752 = _v1752 | 0x80ddc91b;
				_v1752 = _v1752 ^ 0x88d3833c;
				_v1636 = 0xc2c2cf;
				_v1636 = _v1636 / _t471;
				_v1636 = _v1636 + 0xffff5d17;
				_v1636 = _v1636 ^ 0x0005a2c5;
				_v1676 = 0x4604e2;
				_v1676 = _v1676 * 0x76;
				_v1676 = _v1676 + 0xdac5;
				_v1676 = _v1676 ^ 0x2048b942;
				_v1652 = 0x890d36;
				_v1652 = _v1652 >> 3;
				_v1652 = _v1652 | 0xfe9d52c1;
				_v1652 = _v1652 ^ 0xfe9ab4fb;
				_v1684 = 0xd96cde;
				_v1684 = _v1684 * 0x47;
				_v1684 = _v1684 + 0xffff480a;
				_v1684 = _v1684 ^ 0x3c48c040;
				_v1624 = 0xc48732;
				_v1624 = _v1624 >> 4;
				_v1624 = _v1624 ^ 0x01665cbd;
				_v1624 = _v1624 ^ 0x016df620;
				_v1692 = 0x58f5b8;
				_v1692 = _v1692 << 4;
				_v1692 = _v1692 ^ 0x299232ca;
				_v1692 = _v1692 ^ 0x2c1b7361;
				_v1732 = 0x9987b4;
				_v1732 = _v1732 << 4;
				_v1732 = _v1732 ^ 0x14505727;
				_v1732 = _v1732 | 0xbadb6758;
				_v1732 = _v1732 ^ 0xbfd57076;
				_v1708 = 0x151e5;
				_v1708 = _v1708 >> 0xd;
				_v1708 = _v1708 >> 0xe;
				_v1708 = _v1708 + 0xffff12c7;
				_v1708 = _v1708 ^ 0xffff0a0d;
				_v1580 = 0x15a9fb;
				_v1580 = _v1580 >> 6;
				_v1580 = _v1580 ^ 0x0004a695;
				_v1688 = 0x871746;
				_t472 = 0x34;
				_v1688 = _v1688 / _t472;
				_v1688 = _v1688 + 0xffff07ae;
				_v1688 = _v1688 ^ 0x00087c5e;
				_v1740 = 0xe3d16b;
				_v1740 = _v1740 << 7;
				_v1740 = _v1740 | 0x6cb9ee1d;
				_v1740 = _v1740 ^ 0x38143ac0;
				_v1740 = _v1740 ^ 0x45e6e926;
				_v1724 = 0xe03c47;
				_v1724 = _v1724 + 0x7497;
				_v1724 = _v1724 << 0xe;
				_v1724 = _v1724 + 0xffff69be;
				_v1724 = _v1724 ^ 0x2c306d9d;
				_v1748 = 0xe2efab;
				_v1748 = _v1748 | 0x110de103;
				_v1748 = _v1748 + 0x3577;
				_t473 = 0x2b;
				_t440 = _v1576;
				_v1748 = _v1748 / _t473;
				_v1748 = _v1748 ^ 0x006272f3;
				_v1716 = 0x295420;
				_v1716 = _v1716 ^ 0xaa3d2c48;
				_v1716 = _v1716 + 0xffff3248;
				_v1716 = _v1716 ^ 0xb95b2034;
				_v1716 = _v1716 ^ 0x134f16e6;
				_v1620 = 0x315b6e;
				_v1620 = _v1620 ^ 0xed866512;
				_v1620 = _v1620 ^ 0xedb02c8f;
				_v1696 = 0xb25998;
				_t476 = _v1576;
				_t468 = _v1576;
				_v1696 = _v1696 * 0xf;
				_v1696 = _v1696 << 9;
				_v1696 = _v1696 ^ 0xe675be87;
				_v1632 = 0x9ab851;
				_v1632 = _v1632 ^ 0x37be7fac;
				_v1632 = _v1632 + 0xffff726f;
				_v1632 = _v1632 ^ 0x372cadd5;
				_v1704 = 0xe98d3;
				_v1704 = _v1704 | 0xb808fc66;
				_v1704 = _v1704 ^ 0xb98541de;
				_v1704 = _v1704 | 0x92c26071;
				_v1704 = _v1704 ^ 0x93ce4092;
				_v1584 = 0x695255;
				_v1584 = _v1584 | 0x2c3ea780;
				_v1584 = _v1584 ^ 0x2c75cea7;
				while(1) {
					L1:
					while(1) {
						_t459 = 0x5c;
						do {
							while(1) {
								L3:
								_t480 = _t441 - 0xc1f8872;
								if(_t480 > 0) {
									break;
								}
								if(_t480 == 0) {
									E02BB3046(_v1696, _v1632, _v1704, _t440, _v1584);
								} else {
									if(_t441 == 0x1770085) {
										_t476 = E02BC7C4E(_t440, _t459, _t441, _v1644, _v1752, _v1668, _v1636, _v1676, _v1756, _v1652, _t468, _v1684, _v1604, _v1624, _t441, _v1692, _t441, _v1732, _t441, _t468, _v1708,  &_v1560, _v1580, _v1612);
										_t477 =  &(_t477[0x16]);
										__eflags = _t476;
										if(_t476 == 0) {
											goto L10;
										} else {
											_t441 = 0x650cb13;
											_v1576 = 1;
											while(1) {
												_t459 = 0x5c;
												goto L3;
											}
										}
									} else {
										if(_t441 == 0x30ba806) {
											_t469 =  *0x2bd6214; // 0x0
											_t470 = _t469 + 0x23c;
											while(1) {
												__eflags =  *_t470 - _t459;
												if( *_t470 == _t459) {
													break;
												}
												_t470 = _t470 + 2;
												__eflags = _t470;
											}
											_t468 = _t470 + 2;
											_t441 = 0xd1695f5;
											continue;
										} else {
											if(_t441 == 0x650cb13) {
												E02BCB257(_t440, _v1688, _v1740, _t476);
												_t441 = 0x8b9ab05;
												while(1) {
													_t459 = 0x5c;
													goto L3;
												}
											} else {
												if(_t441 != 0x8b9ab05) {
													goto L25;
												} else {
													_t352 =  &_v1748; // 0x45e6e926
													E02BB3046(_v1724,  *_t352, _v1716, _t476, _v1620);
													_t477 =  &(_t477[3]);
													L10:
													_t441 = 0xc1f8872;
													while(1) {
														_t459 = 0x5c;
														goto L3;
													}
												}
											}
										}
									}
								}
								L28:
								return _v1576;
							}
							__eflags = _t441 - 0xcb67425;
							if(_t441 == 0xcb67425) {
								E02BB1A34(_v1592,  &_v520, _t441, _t441, _v1640, _v1648, _v1712, _t441, _v1600, _v1656);
								_t477 =  &(_t477[8]);
								_t441 = 0xd521465;
								_t459 = 0x5c;
								goto L25;
							} else {
								__eflags = _t441 - 0xd1695f5;
								if(_t441 == 0xd1695f5) {
									_t440 = E02BCE8B6(_t441, _v1608, _v1664, _t441, _v1720, _v1616);
									_t477 =  &(_t477[4]);
									__eflags = _t440;
									if(_t440 != 0) {
										_t441 = 0x1770085;
										_t459 = 0x5c;
										goto L3;
									}
								} else {
									__eflags = _t441 - 0xd521465;
									if(__eflags != 0) {
										goto L25;
									} else {
										_push(_v1568);
										_push(_v1660);
										_push(_v1628);
										_t429 = E02BCE1F8(0x2bb1030, _v1700, __eflags);
										E02BB7078( &_v1040, __eflags);
										_t432 =  *0x2bd6214; // 0x0
										_t436 =  *0x2bd6214; // 0x0
										E02BBF96F(_v1672, __eflags, _t436 + 0x34, _t429,  &_v1040, _v1588,  &_v1560, _t432 + 0x23c, _v1572, _v1596, _v1680,  &_v520);
										E02BCFECB(_t429, _v1728, _v1564, _v1736, _v1744);
										_t477 =  &(_t477[0x10]);
										_t441 = 0x30ba806;
										goto L1;
									}
								}
							}
							goto L28;
							L25:
							__eflags = _t441 - 0x3fe9fd3;
						} while (_t441 != 0x3fe9fd3);
						goto L28;
					}
				}
			}






































































                                                                                                          0x02bbd14c
                                                                                                          0x02bbd156
                                                                                                          0x02bbd161
                                                                                                          0x02bbd166
                                                                                                          0x02bbd171
                                                                                                          0x02bbd17c
                                                                                                          0x02bbd184
                                                                                                          0x02bbd18c
                                                                                                          0x02bbd194
                                                                                                          0x02bbd19c
                                                                                                          0x02bbd1a7
                                                                                                          0x02bbd1af
                                                                                                          0x02bbd1ba
                                                                                                          0x02bbd1c2
                                                                                                          0x02bbd1ca
                                                                                                          0x02bbd1d2
                                                                                                          0x02bbd1da
                                                                                                          0x02bbd1e2
                                                                                                          0x02bbd1ea
                                                                                                          0x02bbd1f2
                                                                                                          0x02bbd1fa
                                                                                                          0x02bbd205
                                                                                                          0x02bbd210
                                                                                                          0x02bbd21b
                                                                                                          0x02bbd226
                                                                                                          0x02bbd231
                                                                                                          0x02bbd23c
                                                                                                          0x02bbd247
                                                                                                          0x02bbd252
                                                                                                          0x02bbd25d
                                                                                                          0x02bbd268
                                                                                                          0x02bbd270
                                                                                                          0x02bbd278
                                                                                                          0x02bbd280
                                                                                                          0x02bbd288
                                                                                                          0x02bbd290
                                                                                                          0x02bbd295
                                                                                                          0x02bbd29f
                                                                                                          0x02bbd2a7
                                                                                                          0x02bbd2ab
                                                                                                          0x02bbd2b3
                                                                                                          0x02bbd2bb
                                                                                                          0x02bbd2c3
                                                                                                          0x02bbd2cb
                                                                                                          0x02bbd2d3
                                                                                                          0x02bbd2db
                                                                                                          0x02bbd2e3
                                                                                                          0x02bbd2eb
                                                                                                          0x02bbd2f3
                                                                                                          0x02bbd2fe
                                                                                                          0x02bbd306
                                                                                                          0x02bbd311
                                                                                                          0x02bbd31c
                                                                                                          0x02bbd329
                                                                                                          0x02bbd32d
                                                                                                          0x02bbd332
                                                                                                          0x02bbd33a
                                                                                                          0x02bbd34d
                                                                                                          0x02bbd354
                                                                                                          0x02bbd35f
                                                                                                          0x02bbd36c
                                                                                                          0x02bbd370
                                                                                                          0x02bbd378
                                                                                                          0x02bbd380
                                                                                                          0x02bbd38b
                                                                                                          0x02bbd396
                                                                                                          0x02bbd3a1
                                                                                                          0x02bbd3ac
                                                                                                          0x02bbd3b4
                                                                                                          0x02bbd3bf
                                                                                                          0x02bbd3ca
                                                                                                          0x02bbd3d2
                                                                                                          0x02bbd3dd
                                                                                                          0x02bbd3e5
                                                                                                          0x02bbd3ed
                                                                                                          0x02bbd3f4
                                                                                                          0x02bbd3fc
                                                                                                          0x02bbd40b
                                                                                                          0x02bbd40c
                                                                                                          0x02bbd410
                                                                                                          0x02bbd415
                                                                                                          0x02bbd41d
                                                                                                          0x02bbd425
                                                                                                          0x02bbd430
                                                                                                          0x02bbd438
                                                                                                          0x02bbd443
                                                                                                          0x02bbd44b
                                                                                                          0x02bbd450
                                                                                                          0x02bbd45d
                                                                                                          0x02bbd461
                                                                                                          0x02bbd469
                                                                                                          0x02bbd471
                                                                                                          0x02bbd479
                                                                                                          0x02bbd481
                                                                                                          0x02bbd489
                                                                                                          0x02bbd491
                                                                                                          0x02bbd49c
                                                                                                          0x02bbd4a4
                                                                                                          0x02bbd4af
                                                                                                          0x02bbd4b7
                                                                                                          0x02bbd4bc
                                                                                                          0x02bbd4c1
                                                                                                          0x02bbd4c9
                                                                                                          0x02bbd4d4
                                                                                                          0x02bbd4df
                                                                                                          0x02bbd4ea
                                                                                                          0x02bbd4f5
                                                                                                          0x02bbd500
                                                                                                          0x02bbd508
                                                                                                          0x02bbd513
                                                                                                          0x02bbd51b
                                                                                                          0x02bbd523
                                                                                                          0x02bbd52b
                                                                                                          0x02bbd533
                                                                                                          0x02bbd53b
                                                                                                          0x02bbd54f
                                                                                                          0x02bbd556
                                                                                                          0x02bbd561
                                                                                                          0x02bbd56c
                                                                                                          0x02bbd579
                                                                                                          0x02bbd57d
                                                                                                          0x02bbd585
                                                                                                          0x02bbd58d
                                                                                                          0x02bbd595
                                                                                                          0x02bbd59a
                                                                                                          0x02bbd5a2
                                                                                                          0x02bbd5aa
                                                                                                          0x02bbd5b7
                                                                                                          0x02bbd5bb
                                                                                                          0x02bbd5c3
                                                                                                          0x02bbd5cb
                                                                                                          0x02bbd5d6
                                                                                                          0x02bbd5de
                                                                                                          0x02bbd5e9
                                                                                                          0x02bbd5f4
                                                                                                          0x02bbd5fc
                                                                                                          0x02bbd601
                                                                                                          0x02bbd609
                                                                                                          0x02bbd611
                                                                                                          0x02bbd619
                                                                                                          0x02bbd61e
                                                                                                          0x02bbd626
                                                                                                          0x02bbd62e
                                                                                                          0x02bbd636
                                                                                                          0x02bbd63e
                                                                                                          0x02bbd643
                                                                                                          0x02bbd648
                                                                                                          0x02bbd650
                                                                                                          0x02bbd65a
                                                                                                          0x02bbd665
                                                                                                          0x02bbd66d
                                                                                                          0x02bbd678
                                                                                                          0x02bbd686
                                                                                                          0x02bbd68b
                                                                                                          0x02bbd691
                                                                                                          0x02bbd699
                                                                                                          0x02bbd6a1
                                                                                                          0x02bbd6a9
                                                                                                          0x02bbd6ae
                                                                                                          0x02bbd6b6
                                                                                                          0x02bbd6be
                                                                                                          0x02bbd6c6
                                                                                                          0x02bbd6ce
                                                                                                          0x02bbd6d6
                                                                                                          0x02bbd6db
                                                                                                          0x02bbd6e3
                                                                                                          0x02bbd6eb
                                                                                                          0x02bbd6f3
                                                                                                          0x02bbd6fb
                                                                                                          0x02bbd707
                                                                                                          0x02bbd70a
                                                                                                          0x02bbd711
                                                                                                          0x02bbd715
                                                                                                          0x02bbd71d
                                                                                                          0x02bbd725
                                                                                                          0x02bbd72d
                                                                                                          0x02bbd735
                                                                                                          0x02bbd73d
                                                                                                          0x02bbd745
                                                                                                          0x02bbd750
                                                                                                          0x02bbd75b
                                                                                                          0x02bbd766
                                                                                                          0x02bbd773
                                                                                                          0x02bbd77a
                                                                                                          0x02bbd781
                                                                                                          0x02bbd785
                                                                                                          0x02bbd78a
                                                                                                          0x02bbd792
                                                                                                          0x02bbd79d
                                                                                                          0x02bbd7a8
                                                                                                          0x02bbd7b3
                                                                                                          0x02bbd7be
                                                                                                          0x02bbd7c6
                                                                                                          0x02bbd7ce
                                                                                                          0x02bbd7d6
                                                                                                          0x02bbd7de
                                                                                                          0x02bbd7e6
                                                                                                          0x02bbd7f1
                                                                                                          0x02bbd7fc
                                                                                                          0x02bbd807
                                                                                                          0x02bbd807
                                                                                                          0x02bbd80c
                                                                                                          0x02bbd80e
                                                                                                          0x02bbd80f
                                                                                                          0x02bbd80f
                                                                                                          0x02bbd80f
                                                                                                          0x02bbd80f
                                                                                                          0x02bbd811
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bbd817
                                                                                                          0x02bbda90
                                                                                                          0x02bbd81d
                                                                                                          0x02bbd823
                                                                                                          0x02bbd90c
                                                                                                          0x02bbd90e
                                                                                                          0x02bbd911
                                                                                                          0x02bbd913
                                                                                                          0x00000000
                                                                                                          0x02bbd919
                                                                                                          0x02bbd919
                                                                                                          0x02bbd91e
                                                                                                          0x02bbd80c
                                                                                                          0x02bbd80e
                                                                                                          0x00000000
                                                                                                          0x02bbd80e
                                                                                                          0x02bbd80c
                                                                                                          0x02bbd825
                                                                                                          0x02bbd82b
                                                                                                          0x02bbd87a
                                                                                                          0x02bbd880
                                                                                                          0x02bbd88b
                                                                                                          0x02bbd88b
                                                                                                          0x02bbd88e
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bbd888
                                                                                                          0x02bbd888
                                                                                                          0x02bbd888
                                                                                                          0x02bbd890
                                                                                                          0x02bbd893
                                                                                                          0x00000000
                                                                                                          0x02bbd82d
                                                                                                          0x02bbd833
                                                                                                          0x02bbd86c
                                                                                                          0x02bbd873
                                                                                                          0x02bbd80c
                                                                                                          0x02bbd80e
                                                                                                          0x00000000
                                                                                                          0x02bbd80e
                                                                                                          0x02bbd835
                                                                                                          0x02bbd83b
                                                                                                          0x00000000
                                                                                                          0x02bbd841
                                                                                                          0x02bbd84d
                                                                                                          0x02bbd855
                                                                                                          0x02bbd85a
                                                                                                          0x02bbd85d
                                                                                                          0x02bbd85d
                                                                                                          0x02bbd80c
                                                                                                          0x02bbd80e
                                                                                                          0x00000000
                                                                                                          0x02bbd80e
                                                                                                          0x02bbd80c
                                                                                                          0x02bbd83b
                                                                                                          0x02bbd833
                                                                                                          0x02bbd82b
                                                                                                          0x02bbd823
                                                                                                          0x02bbda98
                                                                                                          0x02bbdaa9
                                                                                                          0x02bbdaa9
                                                                                                          0x02bbd92e
                                                                                                          0x02bbd934
                                                                                                          0x02bbda5b
                                                                                                          0x02bbda60
                                                                                                          0x02bbda63
                                                                                                          0x02bbda6a
                                                                                                          0x00000000
                                                                                                          0x02bbd93a
                                                                                                          0x02bbd93a
                                                                                                          0x02bbd940
                                                                                                          0x02bbda1a
                                                                                                          0x02bbda1c
                                                                                                          0x02bbda1f
                                                                                                          0x02bbda21
                                                                                                          0x02bbda23
                                                                                                          0x02bbd80e
                                                                                                          0x00000000
                                                                                                          0x02bbd80e
                                                                                                          0x02bbd946
                                                                                                          0x02bbd946
                                                                                                          0x02bbd94c
                                                                                                          0x00000000
                                                                                                          0x02bbd952
                                                                                                          0x02bbd952
                                                                                                          0x02bbd95e
                                                                                                          0x02bbd962
                                                                                                          0x02bbd96d
                                                                                                          0x02bbd97b
                                                                                                          0x02bbd99f
                                                                                                          0x02bbd9c8
                                                                                                          0x02bbd9d2
                                                                                                          0x02bbd9ec
                                                                                                          0x02bbd9f1
                                                                                                          0x02bbd9f4
                                                                                                          0x00000000
                                                                                                          0x02bbd9f4
                                                                                                          0x02bbd94c
                                                                                                          0x02bbd940
                                                                                                          0x00000000
                                                                                                          0x02bbda6b
                                                                                                          0x02bbda6b
                                                                                                          0x02bbda6b
                                                                                                          0x00000000
                                                                                                          0x02bbda77
                                                                                                          0x02bbd80c

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: T)$&E$G<$Qob$URi$`QF$mm$n[1$o7$w5${;[
                                                                                                          • API String ID: 0-1763375246
                                                                                                          • Opcode ID: 643ffe44af56e2d0d10c0a500dd3bb926e384b4556dd3a8d30a85f1499ccaa41
                                                                                                          • Instruction ID: 65faa835ea3e9483bda3807d85a86a0b4c37216d1b244512d0fe46f25031d0af
                                                                                                          • Opcode Fuzzy Hash: 643ffe44af56e2d0d10c0a500dd3bb926e384b4556dd3a8d30a85f1499ccaa41
                                                                                                          • Instruction Fuzzy Hash: D62211714093819FD7B9CF61C94AA9BBBE1FBC5708F10890DE2DA96260D7B58949CF03
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC5779, Relevance: 12.9, Strings: 10, Instructions: 430COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 835 2bc5779-2bc5da9 call 2bcfe29 838 2bc5db1 835->838 839 2bc5db8-2bc5dbe 838->839 840 2bc5dc4 839->840 841 2bc5f67-2bc5f6d 839->841 844 2bc5dca-2bc5dd0 840->844 845 2bc5f40-2bc5f62 call 2bd2b09 840->845 842 2bc6041-2bc6067 call 2bbfb8e 841->842 843 2bc5f73-2bc5f79 841->843 863 2bc6069-2bc606e 842->863 864 2bc6073 842->864 848 2bc5f7f-2bc5f85 843->848 849 2bc6086-2bc60a5 call 2bd2b09 843->849 850 2bc5dd6-2bc5ddc 844->850 851 2bc5f03-2bc5f30 call 2bb57b8 844->851 845->839 855 2bc5ffc-2bc603c call 2bccca0 848->855 856 2bc5f87-2bc5f8d 848->856 871 2bc60a6-2bc60b7 849->871 858 2bc5dde-2bc5de4 850->858 859 2bc5e3f-2bc5eb2 call 2bb5026 call 2bcc9b0 call 2bb71b3 850->859 851->871 872 2bc5f36-2bc5f3b 851->872 855->839 865 2bc6078-2bc607e 856->865 866 2bc5f93-2bc5fec call 2bbe7de 856->866 868 2bc5e35-2bc5e3a 858->868 869 2bc5de6-2bc5dec 858->869 887 2bc5eb4-2bc5ebd 859->887 888 2bc5ec7-2bc5efe call 2bccca0 859->888 863->839 864->865 865->839 874 2bc6084 865->874 866->871 881 2bc5ff2-2bc5ff7 866->881 868->839 869->865 876 2bc5df2-2bc5e1a call 2bbc5d8 869->876 872->839 874->871 883 2bc5e1c-2bc5e2c 876->883 884 2bc5e2e-2bc5e33 876->884 881->839 883->839 884->839 889 2bc5ebf 887->889 890 2bc5ec2-2bc5ec5 887->890 888->838 889->890 890->887 890->888
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02BC5779(intOrPtr* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v32;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v88;
				char _v92;
				char _v100;
				intOrPtr _v104;
				signed int _v108;
				intOrPtr _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				unsigned int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				unsigned int _v176;
				signed int _v180;
				signed int _v184;
				unsigned int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				unsigned int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				unsigned int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				void* _t410;
				void* _t455;
				void* _t464;
				intOrPtr _t469;
				void* _t475;
				intOrPtr* _t477;
				void* _t479;
				signed int _t492;
				signed char* _t519;
				signed int _t522;
				signed int _t523;
				signed int _t524;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed char* _t532;
				intOrPtr _t533;
				intOrPtr _t534;
				void* _t535;
				signed char* _t536;
				intOrPtr* _t537;
				signed int* _t539;
				signed int* _t541;
				void* _t543;

				_t477 = _a12;
				_push(_t477);
				_push(_a8);
				_t533 = __edx;
				_t537 = __ecx;
				_push(_a4);
				_v104 = __edx;
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t410);
				_v48 = 0xc2c967;
				_v108 = _v108 & 0x00000000;
				asm("stosd");
				_t539 =  &(( &_v288)[5]);
				_t479 = 0x2d8a01e;
				asm("stosd");
				asm("stosd");
				_v268 = 0x13192e;
				_v268 = _v268 >> 0xe;
				_t522 = 0x7a;
				_v268 = _v268 / _t522;
				_v268 = _v268 ^ 0xa67107cf;
				_v268 = _v268 ^ 0xa67107cf;
				_v180 = 0x822106;
				_v180 = _v180 ^ 0x7b43f696;
				_v180 = _v180 ^ 0xd3ff461a;
				_v180 = _v180 ^ 0xa83e91ca;
				_v260 = 0xfc96b3;
				_v260 = _v260 ^ 0x88d779ee;
				_v260 = _v260 | 0x0ca97313;
				_v260 = _v260 ^ 0xca187f30;
				_v260 = _v260 ^ 0x46b3802f;
				_v288 = 0x4333cc;
				_v288 = _v288 << 0xf;
				_t523 = 0x34;
				_v288 = _v288 / _t523;
				_v288 = _v288 >> 3;
				_v288 = _v288 ^ 0x005b8977;
				_v136 = 0xc5dc93;
				_v136 = _v136 * 0xc;
				_v136 = _v136 ^ 0x0945f62e;
				_v128 = 0x6b700a;
				_t57 =  &_v128; // 0x6b700a
				_v128 =  *_t57 * 0x15;
				_v128 = _v128 ^ 0x08d49145;
				_v232 = 0xf79846;
				_v232 = _v232 ^ 0xca57ef9e;
				_v232 = _v232 ^ 0x925d174a;
				_v232 = _v232 ^ 0x58faffd4;
				_v280 = 0xd1aac6;
				_v280 = _v280 >> 0xc;
				_v280 = _v280 >> 3;
				_v280 = _v280 | 0xe15f3d77;
				_v280 = _v280 ^ 0xe1581caf;
				_v204 = 0x586478;
				_v204 = _v204 << 6;
				_v204 = _v204 * 0x45;
				_v204 = _v204 ^ 0xf4c06de0;
				_v236 = 0x7a6b49;
				_v236 = _v236 + 0xfffff53d;
				_v236 = _v236 + 0xffff6bfb;
				_v236 = _v236 ^ 0x00796dc4;
				_v164 = 0x73b924;
				_v164 = _v164 * 0x37;
				_v164 = _v164 ^ 0x18d89939;
				_v140 = 0xd61f2b;
				_v140 = _v140 | 0xe12df20d;
				_v140 = _v140 ^ 0xe1fed234;
				_v264 = 0xb74ee;
				_v264 = _v264 | 0x369c0611;
				_v264 = _v264 + 0xffffce97;
				_v264 = _v264 | 0x56131c90;
				_v264 = _v264 ^ 0x76993c7a;
				_v188 = 0x86359d;
				_v188 = _v188 | 0xee9d04be;
				_v188 = _v188 >> 7;
				_v188 = _v188 ^ 0x01d63d7e;
				_v196 = 0x62a6bf;
				_v196 = _v196 ^ 0x13f7b83b;
				_v196 = _v196 | 0xfa5dbf29;
				_v196 = _v196 ^ 0xfbd613bb;
				_v272 = 0x497fb9;
				_v272 = _v272 >> 8;
				_v272 = _v272 + 0x46f;
				_t524 = 0x15;
				_v272 = _v272 / _t524;
				_v272 = _v272 ^ 0x0006a64c;
				_v284 = 0x22ff47;
				_v284 = _v284 << 9;
				_v284 = _v284 + 0x2a7e;
				_v284 = _v284 | 0xa3b8d71b;
				_v284 = _v284 ^ 0xe7f75fc1;
				_v168 = 0x5effde;
				_v168 = _v168 << 0xd;
				_v168 = _v168 ^ 0xdff336ff;
				_v160 = 0x143f18;
				_v160 = _v160 >> 8;
				_v160 = _v160 ^ 0x00026d5e;
				_v212 = 0x56f8ef;
				_t525 = 0x74;
				_v212 = _v212 / _t525;
				_v212 = _v212 >> 1;
				_v212 = _v212 ^ 0x00041781;
				_v184 = 0x78f661;
				_t526 = 0x24;
				_v184 = _v184 / _t526;
				_v184 = _v184 << 6;
				_v184 = _v184 ^ 0x00d4b0ae;
				_v132 = 0xfc57e1;
				_v132 = _v132 + 0x95ac;
				_v132 = _v132 ^ 0x00fd4e4f;
				_v224 = 0x75249d;
				_v224 = _v224 >> 2;
				_v224 = _v224 << 5;
				_v224 = _v224 ^ 0x03a0d1e2;
				_v200 = 0x1dd68f;
				_t527 = 0x1e;
				_v200 = _v200 / _t527;
				_v200 = _v200 << 5;
				_v200 = _v200 ^ 0x001cc6a7;
				_v192 = 0xfcdaf1;
				_v192 = _v192 + 0xd795;
				_v192 = _v192 >> 9;
				_v192 = _v192 ^ 0x00058c90;
				_v216 = 0xbb9259;
				_t528 = 0x34;
				_v216 = _v216 / _t528;
				_t529 = 0x52;
				_v216 = _v216 * 0x13;
				_v216 = _v216 ^ 0x004a95ed;
				_v276 = 0x57a41b;
				_v276 = _v276 ^ 0xd020dbe5;
				_v276 = _v276 | 0x8ab5e016;
				_v276 = _v276 + 0xffff22d9;
				_v276 = _v276 ^ 0xdaf55aee;
				_v244 = 0x1f39e;
				_v244 = _v244 >> 7;
				_v244 = _v244 | 0x3f4cee99;
				_v244 = _v244 / _t529;
				_v244 = _v244 ^ 0x00c55e53;
				_v208 = 0x8cb9ec;
				_v208 = _v208 ^ 0x591dda69;
				_v208 = _v208 + 0xffff44b3;
				_v208 = _v208 ^ 0x5993fa0d;
				_v152 = 0xb0343f;
				_v152 = _v152 << 0xf;
				_v152 = _v152 ^ 0x1a1cc008;
				_v252 = 0xe1a21c;
				_v252 = _v252 | 0x952b17c7;
				_v252 = _v252 >> 0xb;
				_v252 = _v252 + 0x3107;
				_v252 = _v252 ^ 0x00168178;
				_v176 = 0x1f45f4;
				_v176 = _v176 + 0xffffb6c3;
				_v176 = _v176 >> 3;
				_v176 = _v176 ^ 0x000294fa;
				_v144 = 0xd98b7;
				_v144 = _v144 + 0xdfca;
				_v144 = _v144 ^ 0x00064cf8;
				_v124 = 0xf97c3c;
				_v124 = _v124 << 0xe;
				_v124 = _v124 ^ 0x5f01afd1;
				_v220 = 0xbf67e3;
				_v220 = _v220 >> 0xf;
				_v220 = _v220 >> 8;
				_v220 = _v220 ^ 0x0002d002;
				_v148 = 0xfa1be7;
				_v148 = _v148 * 0x4c;
				_v148 = _v148 ^ 0x4a419838;
				_v228 = 0xe7473d;
				_v228 = _v228 + 0x3507;
				_v228 = _v228 ^ 0x00ead38c;
				_v156 = 0x66a8ab;
				_v156 = _v156 | 0x79d54c9c;
				_v156 = _v156 ^ 0x79fe3884;
				_v240 = 0x18be1a;
				_v240 = _v240 ^ 0x7e543587;
				_v240 = _v240 * 0x68;
				_v240 = _v240 | 0xe3fcfdd3;
				_v240 = _v240 ^ 0xeff94d70;
				_v172 = 0x9913c4;
				_v172 = _v172 * 0x77;
				_v172 = _v172 + 0xffffc63d;
				_v172 = _v172 ^ 0x47206855;
				_v248 = 0xd44183;
				_v248 = _v248 + 0xd298;
				_v248 = _v248 << 4;
				_v248 = _v248 ^ 0x50766a5f;
				_v248 = _v248 ^ 0x5d272bff;
				_v256 = 0x31eb30;
				_v256 = _v256 ^ 0xb25f58d4;
				_v256 = _v256 ^ 0x46bb6998;
				_t530 = 0x74;
				_v256 = _v256 / _t530;
				_v256 = _v256 ^ 0x021c5309;
				while(1) {
					L1:
					_t531 = _v120;
					goto L2;
					do {
						while(1) {
							L2:
							_t543 = _t479 - 0x3286a26;
							if(_t543 > 0) {
								break;
							}
							if(_t543 == 0) {
								E02BD2B09(_v220, _v116, _v148, _v228);
								_t479 = 0x483cb7c;
								continue;
							}
							if(_t479 == 0xd18f0a) {
								_t455 = E02BB57B8( *_t477, _v288, _v136,  *((intOrPtr*)(_t477 + 4)), _v128,  &_v32, _v232);
								_t539 =  &(_t539[6]);
								if(_t455 == 0) {
									L33:
									return _v108;
								}
								_t479 = 0x98446cf;
								continue;
							}
							if(_t479 == 0x2686f46) {
								_t534 =  *_t537;
								E02BB5026(_v184, _v132, _v224, _t534, _v200);
								_t535 = _t534 + _v260;
								E02BCC9B0(_v192, _t535, _v216, _v112, _v116, _v276);
								_push(_v152);
								_t536 = _t535 + _v112;
								_t492 = _t531;
								_push(_v208);
								_push(_t536);
								E02BB71B3(_t492, _v244);
								_t532 =  &(_t536[_t531]);
								_t541 =  &(_t539[0xa]);
								_t519 = _t536;
								if(_t536 >= _t532) {
									L16:
									_push(_t492);
									_push(_t492);
									_t464 = E02BCCCA0(0, 0xe);
									_t539 =  &(_t541[4]);
									_t479 = 0x3286a26;
									 *((char*)(_t464 + _t536)) = 0;
									_t533 = _v104;
									goto L1;
								} else {
									goto L13;
								}
								do {
									L13:
									_t492 = _v268;
									if(( *_t519 & 0x000000ff) == _t492) {
										 *_t519 = 0xc3;
									}
									_t519 =  &(_t519[1]);
								} while (_t519 < _t532);
								goto L16;
							}
							if(_t479 == 0x2d8a01e) {
								_t479 = 0xd18f0a;
								continue;
							}
							if(_t479 != 0x3056d50) {
								goto L30;
							}
							_push(_t479);
							_push(_t479);
							_t469 = E02BBC5D8(_a4);
							_t539 =  &(_t539[3]);
							 *_t537 = _t469;
							if(_t469 == 0) {
								_t479 = 0x3286a26;
							} else {
								_v108 = 1;
								_t479 = 0x2686f46;
							}
						}
						if(_t479 == 0x34d1508) {
							if(E02BBFB8E(_v164,  &_v100,  &_v116, _v140) == 0) {
								_t479 = 0x483cb7c;
								goto L30;
							}
							_t479 = 0x5c08967;
							goto L2;
						}
						if(_t479 == 0x483cb7c) {
							E02BD2B09(_v156, _v100, _v240, _v172);
							goto L33;
						}
						if(_t479 == 0x5c08967) {
							_push(_t479);
							_push(_t479);
							_t531 = E02BCCCA0(_v248, _v256);
							_t539 =  &(_t539[4]);
							_t479 = 0x3056d50;
							_v120 = _t531;
							_a4 = _v180 + _t531 + _v112;
							goto L2;
						}
						if(_t479 != 0x98446cf) {
							goto L30;
						}
						_v92 =  &_v32;
						_v68 =  *_t477;
						_v64 =  *((intOrPtr*)(_t477 + 4));
						_v60 = _t533;
						_v88 = 0x20;
						_t475 = E02BBE7DE(_v280, _v204,  &_v92,  &_v100, _v236);
						_t539 =  &(_t539[3]);
						if(_t475 == 0) {
							goto L33;
						}
						_t479 = 0x34d1508;
						goto L2;
						L30:
					} while (_t479 != 0x5241bf8);
					goto L33;
				}
			}























































































                                                                                                          0x02bc5780
                                                                                                          0x02bc578a
                                                                                                          0x02bc578b
                                                                                                          0x02bc5792
                                                                                                          0x02bc5794
                                                                                                          0x02bc5796
                                                                                                          0x02bc579d
                                                                                                          0x02bc57a4
                                                                                                          0x02bc57a5
                                                                                                          0x02bc57a6
                                                                                                          0x02bc57ab
                                                                                                          0x02bc57bf
                                                                                                          0x02bc57c7
                                                                                                          0x02bc57c8
                                                                                                          0x02bc57cd
                                                                                                          0x02bc57d2
                                                                                                          0x02bc57d5
                                                                                                          0x02bc57d6
                                                                                                          0x02bc57de
                                                                                                          0x02bc57e7
                                                                                                          0x02bc57ec
                                                                                                          0x02bc57f7
                                                                                                          0x02bc57fb
                                                                                                          0x02bc57ff
                                                                                                          0x02bc580a
                                                                                                          0x02bc5815
                                                                                                          0x02bc5820
                                                                                                          0x02bc582b
                                                                                                          0x02bc5833
                                                                                                          0x02bc583b
                                                                                                          0x02bc5843
                                                                                                          0x02bc584b
                                                                                                          0x02bc5853
                                                                                                          0x02bc585b
                                                                                                          0x02bc5864
                                                                                                          0x02bc5867
                                                                                                          0x02bc586b
                                                                                                          0x02bc5870
                                                                                                          0x02bc5878
                                                                                                          0x02bc588b
                                                                                                          0x02bc5892
                                                                                                          0x02bc589d
                                                                                                          0x02bc58a8
                                                                                                          0x02bc58b0
                                                                                                          0x02bc58b7
                                                                                                          0x02bc58c2
                                                                                                          0x02bc58ca
                                                                                                          0x02bc58d2
                                                                                                          0x02bc58da
                                                                                                          0x02bc58e2
                                                                                                          0x02bc58ea
                                                                                                          0x02bc58ef
                                                                                                          0x02bc58f4
                                                                                                          0x02bc58fc
                                                                                                          0x02bc5904
                                                                                                          0x02bc590c
                                                                                                          0x02bc5916
                                                                                                          0x02bc591a
                                                                                                          0x02bc5922
                                                                                                          0x02bc592a
                                                                                                          0x02bc5932
                                                                                                          0x02bc593a
                                                                                                          0x02bc5942
                                                                                                          0x02bc5955
                                                                                                          0x02bc595e
                                                                                                          0x02bc5969
                                                                                                          0x02bc5974
                                                                                                          0x02bc597f
                                                                                                          0x02bc598a
                                                                                                          0x02bc5992
                                                                                                          0x02bc599a
                                                                                                          0x02bc59a2
                                                                                                          0x02bc59aa
                                                                                                          0x02bc59b2
                                                                                                          0x02bc59ba
                                                                                                          0x02bc59c2
                                                                                                          0x02bc59c7
                                                                                                          0x02bc59cf
                                                                                                          0x02bc59d7
                                                                                                          0x02bc59df
                                                                                                          0x02bc59e7
                                                                                                          0x02bc59ef
                                                                                                          0x02bc59f7
                                                                                                          0x02bc59fc
                                                                                                          0x02bc5a0a
                                                                                                          0x02bc5a0f
                                                                                                          0x02bc5a15
                                                                                                          0x02bc5a1d
                                                                                                          0x02bc5a25
                                                                                                          0x02bc5a2a
                                                                                                          0x02bc5a32
                                                                                                          0x02bc5a3a
                                                                                                          0x02bc5a42
                                                                                                          0x02bc5a4d
                                                                                                          0x02bc5a55
                                                                                                          0x02bc5a60
                                                                                                          0x02bc5a6b
                                                                                                          0x02bc5a73
                                                                                                          0x02bc5a7e
                                                                                                          0x02bc5a8a
                                                                                                          0x02bc5a8f
                                                                                                          0x02bc5a95
                                                                                                          0x02bc5a99
                                                                                                          0x02bc5aa1
                                                                                                          0x02bc5aad
                                                                                                          0x02bc5ab2
                                                                                                          0x02bc5ab8
                                                                                                          0x02bc5abd
                                                                                                          0x02bc5ac5
                                                                                                          0x02bc5ad0
                                                                                                          0x02bc5adb
                                                                                                          0x02bc5ae6
                                                                                                          0x02bc5aee
                                                                                                          0x02bc5af3
                                                                                                          0x02bc5af8
                                                                                                          0x02bc5b00
                                                                                                          0x02bc5b0c
                                                                                                          0x02bc5b11
                                                                                                          0x02bc5b15
                                                                                                          0x02bc5b1a
                                                                                                          0x02bc5b22
                                                                                                          0x02bc5b2a
                                                                                                          0x02bc5b32
                                                                                                          0x02bc5b37
                                                                                                          0x02bc5b41
                                                                                                          0x02bc5b4d
                                                                                                          0x02bc5b52
                                                                                                          0x02bc5b5d
                                                                                                          0x02bc5b60
                                                                                                          0x02bc5b64
                                                                                                          0x02bc5b6c
                                                                                                          0x02bc5b74
                                                                                                          0x02bc5b7c
                                                                                                          0x02bc5b84
                                                                                                          0x02bc5b8c
                                                                                                          0x02bc5b94
                                                                                                          0x02bc5b9c
                                                                                                          0x02bc5ba1
                                                                                                          0x02bc5baf
                                                                                                          0x02bc5bb3
                                                                                                          0x02bc5bbb
                                                                                                          0x02bc5bc3
                                                                                                          0x02bc5bcb
                                                                                                          0x02bc5bd3
                                                                                                          0x02bc5bdb
                                                                                                          0x02bc5be6
                                                                                                          0x02bc5bee
                                                                                                          0x02bc5bf9
                                                                                                          0x02bc5c01
                                                                                                          0x02bc5c09
                                                                                                          0x02bc5c0e
                                                                                                          0x02bc5c16
                                                                                                          0x02bc5c1e
                                                                                                          0x02bc5c29
                                                                                                          0x02bc5c34
                                                                                                          0x02bc5c3c
                                                                                                          0x02bc5c47
                                                                                                          0x02bc5c52
                                                                                                          0x02bc5c5d
                                                                                                          0x02bc5c68
                                                                                                          0x02bc5c73
                                                                                                          0x02bc5c7b
                                                                                                          0x02bc5c86
                                                                                                          0x02bc5c8e
                                                                                                          0x02bc5c93
                                                                                                          0x02bc5c98
                                                                                                          0x02bc5ca0
                                                                                                          0x02bc5cb3
                                                                                                          0x02bc5cba
                                                                                                          0x02bc5cc5
                                                                                                          0x02bc5ccd
                                                                                                          0x02bc5cdd
                                                                                                          0x02bc5ce5
                                                                                                          0x02bc5cf0
                                                                                                          0x02bc5cfb
                                                                                                          0x02bc5d06
                                                                                                          0x02bc5d0e
                                                                                                          0x02bc5d1b
                                                                                                          0x02bc5d1f
                                                                                                          0x02bc5d27
                                                                                                          0x02bc5d2f
                                                                                                          0x02bc5d42
                                                                                                          0x02bc5d49
                                                                                                          0x02bc5d54
                                                                                                          0x02bc5d5f
                                                                                                          0x02bc5d67
                                                                                                          0x02bc5d6f
                                                                                                          0x02bc5d74
                                                                                                          0x02bc5d7c
                                                                                                          0x02bc5d84
                                                                                                          0x02bc5d8c
                                                                                                          0x02bc5d94
                                                                                                          0x02bc5da2
                                                                                                          0x02bc5da5
                                                                                                          0x02bc5da9
                                                                                                          0x02bc5db1
                                                                                                          0x02bc5db1
                                                                                                          0x02bc5db1
                                                                                                          0x02bc5db1
                                                                                                          0x02bc5db8
                                                                                                          0x02bc5db8
                                                                                                          0x02bc5db8
                                                                                                          0x02bc5db8
                                                                                                          0x02bc5dbe
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc5dc4
                                                                                                          0x02bc5f56
                                                                                                          0x02bc5f5d
                                                                                                          0x00000000
                                                                                                          0x02bc5f5d
                                                                                                          0x02bc5dd0
                                                                                                          0x02bc5f26
                                                                                                          0x02bc5f2b
                                                                                                          0x02bc5f30
                                                                                                          0x02bc60a6
                                                                                                          0x02bc60b7
                                                                                                          0x02bc60b7
                                                                                                          0x02bc5f36
                                                                                                          0x00000000
                                                                                                          0x02bc5f36
                                                                                                          0x02bc5ddc
                                                                                                          0x02bc5e43
                                                                                                          0x02bc5e59
                                                                                                          0x02bc5e65
                                                                                                          0x02bc5e86
                                                                                                          0x02bc5e8b
                                                                                                          0x02bc5e92
                                                                                                          0x02bc5e99
                                                                                                          0x02bc5e9b
                                                                                                          0x02bc5ea3
                                                                                                          0x02bc5ea4
                                                                                                          0x02bc5ea9
                                                                                                          0x02bc5eab
                                                                                                          0x02bc5eae
                                                                                                          0x02bc5eb2
                                                                                                          0x02bc5ec7
                                                                                                          0x02bc5ee0
                                                                                                          0x02bc5ee1
                                                                                                          0x02bc5ee6
                                                                                                          0x02bc5eeb
                                                                                                          0x02bc5eee
                                                                                                          0x02bc5ef3
                                                                                                          0x02bc5ef7
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc5eb4
                                                                                                          0x02bc5eb4
                                                                                                          0x02bc5eb4
                                                                                                          0x02bc5ebd
                                                                                                          0x02bc5ebf
                                                                                                          0x02bc5ebf
                                                                                                          0x02bc5ec2
                                                                                                          0x02bc5ec3
                                                                                                          0x00000000
                                                                                                          0x02bc5eb4
                                                                                                          0x02bc5de4
                                                                                                          0x02bc5e35
                                                                                                          0x00000000
                                                                                                          0x02bc5e35
                                                                                                          0x02bc5dec
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc5e08
                                                                                                          0x02bc5e09
                                                                                                          0x02bc5e0d
                                                                                                          0x02bc5e12
                                                                                                          0x02bc5e15
                                                                                                          0x02bc5e1a
                                                                                                          0x02bc5e2e
                                                                                                          0x02bc5e1c
                                                                                                          0x02bc5e1c
                                                                                                          0x02bc5e27
                                                                                                          0x02bc5e27
                                                                                                          0x02bc5e1a
                                                                                                          0x02bc5f6d
                                                                                                          0x02bc6067
                                                                                                          0x02bc6073
                                                                                                          0x00000000
                                                                                                          0x02bc6073
                                                                                                          0x02bc6069
                                                                                                          0x00000000
                                                                                                          0x02bc6069
                                                                                                          0x02bc5f79
                                                                                                          0x02bc609f
                                                                                                          0x00000000
                                                                                                          0x02bc60a5
                                                                                                          0x02bc5f85
                                                                                                          0x02bc600c
                                                                                                          0x02bc600d
                                                                                                          0x02bc601b
                                                                                                          0x02bc601d
                                                                                                          0x02bc6024
                                                                                                          0x02bc602b
                                                                                                          0x02bc6039
                                                                                                          0x00000000
                                                                                                          0x02bc6039
                                                                                                          0x02bc5f8d
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc5fa6
                                                                                                          0x02bc5faf
                                                                                                          0x02bc5fb9
                                                                                                          0x02bc5fcf
                                                                                                          0x02bc5fd7
                                                                                                          0x02bc5fe2
                                                                                                          0x02bc5fe7
                                                                                                          0x02bc5fec
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc5ff2
                                                                                                          0x00000000
                                                                                                          0x02bc6078
                                                                                                          0x02bc6078
                                                                                                          0x00000000
                                                                                                          0x02bc6084

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: pk$ $01$=G$Ikz$Uh G$_jvP$w=_$xdX$~*
                                                                                                          • API String ID: 0-1860247402
                                                                                                          • Opcode ID: fa76ad5acae243c1c6f25466b63a0bb5d20f34d56f5c0675485de595a933ec53
                                                                                                          • Instruction ID: 490cce92cb660830ad49500a56cb7b7888d7552c925fd3954af91a8adec08eb5
                                                                                                          • Opcode Fuzzy Hash: fa76ad5acae243c1c6f25466b63a0bb5d20f34d56f5c0675485de595a933ec53
                                                                                                          • Instruction Fuzzy Hash: 312223711093809FC368CF25C58AA9BBBE2FFC5708F60891DE6D996260D7B19948CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC7D5B, Relevance: 12.9, Strings: 10, Instructions: 361COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02BC7D5B(void* __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				char _v2080;
				char _v2600;
				signed int _v2604;
				signed int _v2608;
				signed int _v2612;
				signed int _v2616;
				signed int _v2620;
				signed int _v2624;
				signed int _v2628;
				signed int _v2632;
				signed int _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _t420;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				void* _t488;
				void* _t489;
				signed int* _t493;

				_t493 =  &_v2792;
				_v2792 = 0x289571;
				_v2792 = _v2792 | 0xf6df9bca;
				_v2792 = _v2792 + 0xea43;
				_v2792 = _v2792 ^ 0xf7008a17;
				_v2788 = 0xdb8a78;
				_v2788 = _v2788 * 6;
				_t488 = __ecx;
				_t489 = 0x219adc7;
				_t442 = 0x7a;
				_v2788 = _v2788 / _t442;
				_t443 = 0x42;
				_v2788 = _v2788 * 0x3d;
				_v2788 = _v2788 ^ 0x0296dfb6;
				_v2660 = 0xc0a6c5;
				_v2660 = _v2660 << 6;
				_v2660 = _v2660 ^ 0x3025665c;
				_v2692 = 0x3a8fa3;
				_v2692 = _v2692 ^ 0xa120b079;
				_v2692 = _v2692 | 0x9ac88514;
				_v2692 = _v2692 ^ 0xbbd9167d;
				_v2668 = 0xec1a87;
				_v2668 = _v2668 + 0x8cab;
				_v2668 = _v2668 ^ 0x00e348c2;
				_v2628 = 0xecd9a9;
				_v2628 = _v2628 << 9;
				_v2628 = _v2628 ^ 0xd9bcc0eb;
				_v2756 = 0xbae8da;
				_v2756 = _v2756 + 0xefc;
				_v2756 = _v2756 * 0x2c;
				_v2756 = _v2756 ^ 0x76eb1803;
				_v2756 = _v2756 ^ 0x56c3d905;
				_v2780 = 0x787147;
				_v2780 = _v2780 + 0xffff6597;
				_v2780 = _v2780 + 0xffffc18b;
				_v2780 = _v2780 | 0x826dfd4e;
				_v2780 = _v2780 ^ 0x827371e5;
				_v2712 = 0x74bd84;
				_v2712 = _v2712 >> 9;
				_v2712 = _v2712 + 0xbcb6;
				_v2712 = _v2712 ^ 0x0001f6d9;
				_v2680 = 0x714a85;
				_v2680 = _v2680 | 0x3dc400c8;
				_v2680 = _v2680 ^ 0x3df5425d;
				_v2612 = 0xace488;
				_v2612 = _v2612 | 0xd2617c07;
				_v2612 = _v2612 ^ 0xd2e83d7d;
				_v2736 = 0x9a08fa;
				_v2736 = _v2736 + 0x9c03;
				_v2736 = _v2736 << 5;
				_v2736 = _v2736 ^ 0x135d006f;
				_v2652 = 0x41ccd2;
				_v2652 = _v2652 ^ 0x97b2ef27;
				_v2652 = _v2652 ^ 0x97fb61bc;
				_v2764 = 0x9e119e;
				_v2764 = _v2764 << 2;
				_v2764 = _v2764 | 0x268f2d0f;
				_v2764 = _v2764 / _t443;
				_v2764 = _v2764 ^ 0x009ccc86;
				_v2620 = 0x8f6e28;
				_v2620 = _v2620 >> 3;
				_v2620 = _v2620 ^ 0x00104951;
				_v2772 = 0xe21e14;
				_v2772 = _v2772 + 0xffff5b09;
				_v2772 = _v2772 * 0x18;
				_v2772 = _v2772 + 0xc00a;
				_v2772 = _v2772 ^ 0x152b5515;
				_v2608 = 0x3d3ea7;
				_v2608 = _v2608 + 0x63eb;
				_v2608 = _v2608 ^ 0x0030ec7d;
				_v2644 = 0x866304;
				_v2644 = _v2644 + 0x379c;
				_v2644 = _v2644 ^ 0x008e4788;
				_v2604 = 0xe77a6a;
				_t121 =  &_v2604; // 0xe77a6a
				_t444 = 0x63;
				_v2604 =  *_t121 / _t444;
				_v2604 = _v2604 ^ 0x000e0408;
				_v2696 = 0xf5199c;
				_v2696 = _v2696 << 8;
				_v2696 = _v2696 << 3;
				_v2696 = _v2696 ^ 0xa8c2da1f;
				_v2636 = 0xbfea70;
				_v2636 = _v2636 | 0x60f37e4e;
				_v2636 = _v2636 ^ 0x60f450e6;
				_v2720 = 0x6acbb3;
				_t445 = 0x6c;
				_v2720 = _v2720 / _t445;
				_v2720 = _v2720 >> 9;
				_v2720 = _v2720 ^ 0x00013488;
				_v2704 = 0x72224f;
				_v2704 = _v2704 << 9;
				_v2704 = _v2704 + 0xffff0fb2;
				_v2704 = _v2704 ^ 0xe44ad0e5;
				_v2728 = 0xe68b79;
				_v2728 = _v2728 | 0x8e61462a;
				_v2728 = _v2728 >> 1;
				_v2728 = _v2728 ^ 0x477bf727;
				_v2616 = 0x4099b0;
				_v2616 = _v2616 + 0xfa8f;
				_v2616 = _v2616 ^ 0x0048c0a5;
				_v2688 = 0xff8ffd;
				_v2688 = _v2688 ^ 0x53972d47;
				_t446 = 0x60;
				_v2688 = _v2688 / _t446;
				_v2688 = _v2688 ^ 0x00dac0dc;
				_v2744 = 0xc2c855;
				_v2744 = _v2744 | 0x821d7436;
				_t447 = 0x65;
				_v2744 = _v2744 * 0x46;
				_v2744 = _v2744 ^ 0xc93dde39;
				_v2664 = 0x8fcf69;
				_v2664 = _v2664 ^ 0x92a1f028;
				_v2664 = _v2664 ^ 0x922e5d56;
				_v2672 = 0x138bb7;
				_v2672 = _v2672 + 0xffff6c98;
				_v2672 = _v2672 ^ 0x001bead2;
				_v2784 = 0x1d404b;
				_v2784 = _v2784 ^ 0xbb38c348;
				_v2784 = _v2784 >> 0xb;
				_v2784 = _v2784 | 0xeccea58e;
				_v2784 = _v2784 ^ 0xecdc694e;
				_v2676 = 0xbdcffc;
				_v2676 = _v2676 ^ 0x5aef785e;
				_v2676 = _v2676 ^ 0x5a57f2e1;
				_v2768 = 0xceb2dd;
				_v2768 = _v2768 | 0xafbcd5ba;
				_v2768 = _v2768 * 0xf;
				_v2768 = _v2768 / _t447;
				_v2768 = _v2768 ^ 0x00c1507c;
				_v2732 = 0xba5c67;
				_v2732 = _v2732 + 0xffff3085;
				_v2732 = _v2732 ^ 0x29fec498;
				_v2732 = _v2732 ^ 0x29414316;
				_v2740 = 0xfebc70;
				_v2740 = _v2740 >> 6;
				_t448 = 0x4c;
				_v2740 = _v2740 * 0x46;
				_v2740 = _v2740 ^ 0x01107382;
				_v2776 = 0x1fdbbd;
				_v2776 = _v2776 + 0xffff7a05;
				_v2776 = _v2776 << 5;
				_v2776 = _v2776 + 0xffff7a3d;
				_v2776 = _v2776 ^ 0x03eed3d9;
				_v2708 = 0xe5e896;
				_v2708 = _v2708 << 6;
				_v2708 = _v2708 + 0x807d;
				_v2708 = _v2708 ^ 0x3973facc;
				_v2716 = 0xdc1d9;
				_v2716 = _v2716 | 0xfc1937aa;
				_v2716 = _v2716 + 0xffffd03c;
				_v2716 = _v2716 ^ 0xfc1f97ce;
				_v2648 = 0xeb72b6;
				_v2648 = _v2648 >> 8;
				_v2648 = _v2648 ^ 0x0003133b;
				_v2724 = 0x35c70c;
				_v2724 = _v2724 + 0xffff3120;
				_v2724 = _v2724 + 0xda65;
				_v2724 = _v2724 ^ 0x003bd395;
				_v2656 = 0x588c44;
				_v2656 = _v2656 ^ 0x3c8fee8a;
				_v2656 = _v2656 ^ 0x3cdfb996;
				_v2632 = 0xa98095;
				_v2632 = _v2632 + 0xf08e;
				_v2632 = _v2632 ^ 0x00ab49e1;
				_v2640 = 0x908171;
				_v2640 = _v2640 << 0xa;
				_v2640 = _v2640 ^ 0x42069508;
				_v2748 = 0xf99537;
				_v2748 = _v2748 >> 9;
				_v2748 = _v2748 | 0x4d3f7029;
				_v2748 = _v2748 ^ 0x4d356fb4;
				_v2700 = 0xf7c115;
				_v2700 = _v2700 + 0xffffc630;
				_v2700 = _v2700 >> 5;
				_v2700 = _v2700 ^ 0x0003a618;
				_v2624 = 0xf73d89;
				_v2624 = _v2624 * 0x3f;
				_v2624 = _v2624 ^ 0x3cd41ae8;
				_v2684 = 0x237d3e;
				_v2684 = _v2684 + 0xffff7bf2;
				_v2684 = _v2684 << 0xb;
				_v2684 = _v2684 ^ 0x17c7121d;
				_v2752 = 0x3823b3;
				_v2752 = _v2752 * 0x2a;
				_v2752 = _v2752 + 0xffff9ab5;
				_v2752 = _v2752 >> 9;
				_v2752 = _v2752 ^ 0x0000d6a9;
				_v2760 = 0x9d905;
				_t420 = _v2760 / _t448;
				_v2760 = _t420;
				_v2760 = _v2760 + 0xffff5226;
				_v2760 = _v2760 ^ 0x58f88d53;
				_v2760 = _v2760 ^ 0xa70b0c4e;
				while(_t489 != 0x219adc7) {
					if(_t489 == 0x472b880) {
						E02BB1A34(_v2744,  &_v1040, _t448, _t448, _v2664, _v2672, _v2784, _t448, _v2792, _v2676);
						_push(_v2776);
						_push(_v2740);
						_push(_v2732);
						E02BD2D0A(_v2716, __eflags,  &_v2080, _v2648, _v2724, _v2656, 0x2bb196c,  &_v520,  &_v1040, E02BCE1F8(0x2bb196c, _v2768, __eflags));
						E02BCFECB(_t422, _v2632, _v2640, _v2748, _v2700);
						__eflags = 0;
						return E02BC85FF(_v2624, _v2684, 0, 0,  &_v520, 0, _v2752, 0, _v2760);
					}
					_t501 = _t489 - 0x6430241;
					if(_t489 != 0x6430241) {
						L7:
						__eflags = _t489 - 0xc99ad3;
						if(__eflags != 0) {
							continue;
						} else {
							return _t420;
						}
						L10:
						return _t420;
					}
					E02BD0DB1(_v2788,  &_v2600, _t501, _v2660, _t448, _v2692);
					 *((short*)(E02BC09DD(_v2668,  &_v2600, _v2628, _v2756))) = 0;
					E02BBBAA9(_v2780, _v2712, _t501, _v2680, _v2612,  &_v1560);
					_push(_v2620);
					_push(_v2764);
					_push(_v2652);
					E02BD2D0A(_v2608, _t501,  &_v1560, _v2644, _v2604, _v2696, 0x2bb188c,  &_v2080,  &_v2600, E02BCE1F8(0x2bb188c, _v2736, _t501));
					E02BCFECB(_t434, _v2636, _v2720, _v2704, _v2728);
					_t448 = _v2616;
					_t420 = E02BBBFBE( &_v2080, _t488, _v2688);
					_t493 =  &(_t493[0x18]);
					if(_t420 != 0) {
						_t489 = 0x472b880;
						continue;
					}
					goto L10;
				}
				_t489 = 0x6430241;
				goto L7;
			}



































































                                                                                                          0x02bc7d5b
                                                                                                          0x02bc7d61
                                                                                                          0x02bc7d6a
                                                                                                          0x02bc7d71
                                                                                                          0x02bc7d78
                                                                                                          0x02bc7d7f
                                                                                                          0x02bc7d90
                                                                                                          0x02bc7d94
                                                                                                          0x02bc7d9a
                                                                                                          0x02bc7da1
                                                                                                          0x02bc7da6
                                                                                                          0x02bc7db1
                                                                                                          0x02bc7db2
                                                                                                          0x02bc7db6
                                                                                                          0x02bc7dbe
                                                                                                          0x02bc7dc9
                                                                                                          0x02bc7dd1
                                                                                                          0x02bc7ddc
                                                                                                          0x02bc7de4
                                                                                                          0x02bc7dec
                                                                                                          0x02bc7df4
                                                                                                          0x02bc7dfc
                                                                                                          0x02bc7e07
                                                                                                          0x02bc7e12
                                                                                                          0x02bc7e1d
                                                                                                          0x02bc7e28
                                                                                                          0x02bc7e30
                                                                                                          0x02bc7e3b
                                                                                                          0x02bc7e43
                                                                                                          0x02bc7e50
                                                                                                          0x02bc7e54
                                                                                                          0x02bc7e5c
                                                                                                          0x02bc7e64
                                                                                                          0x02bc7e6c
                                                                                                          0x02bc7e74
                                                                                                          0x02bc7e7c
                                                                                                          0x02bc7e84
                                                                                                          0x02bc7e8c
                                                                                                          0x02bc7e94
                                                                                                          0x02bc7e99
                                                                                                          0x02bc7ea1
                                                                                                          0x02bc7ea9
                                                                                                          0x02bc7eb4
                                                                                                          0x02bc7ebf
                                                                                                          0x02bc7eca
                                                                                                          0x02bc7ed5
                                                                                                          0x02bc7ee0
                                                                                                          0x02bc7eeb
                                                                                                          0x02bc7ef3
                                                                                                          0x02bc7efb
                                                                                                          0x02bc7f00
                                                                                                          0x02bc7f08
                                                                                                          0x02bc7f13
                                                                                                          0x02bc7f1e
                                                                                                          0x02bc7f29
                                                                                                          0x02bc7f31
                                                                                                          0x02bc7f36
                                                                                                          0x02bc7f44
                                                                                                          0x02bc7f48
                                                                                                          0x02bc7f50
                                                                                                          0x02bc7f5b
                                                                                                          0x02bc7f63
                                                                                                          0x02bc7f6e
                                                                                                          0x02bc7f76
                                                                                                          0x02bc7f83
                                                                                                          0x02bc7f87
                                                                                                          0x02bc7f8f
                                                                                                          0x02bc7f99
                                                                                                          0x02bc7fa4
                                                                                                          0x02bc7faf
                                                                                                          0x02bc7fba
                                                                                                          0x02bc7fc5
                                                                                                          0x02bc7fd0
                                                                                                          0x02bc7fdb
                                                                                                          0x02bc7fe6
                                                                                                          0x02bc7fef
                                                                                                          0x02bc7ff4
                                                                                                          0x02bc7ffd
                                                                                                          0x02bc8008
                                                                                                          0x02bc8010
                                                                                                          0x02bc8015
                                                                                                          0x02bc801a
                                                                                                          0x02bc8022
                                                                                                          0x02bc802d
                                                                                                          0x02bc8038
                                                                                                          0x02bc8043
                                                                                                          0x02bc804f
                                                                                                          0x02bc8054
                                                                                                          0x02bc805a
                                                                                                          0x02bc805f
                                                                                                          0x02bc8067
                                                                                                          0x02bc806f
                                                                                                          0x02bc8074
                                                                                                          0x02bc807c
                                                                                                          0x02bc8084
                                                                                                          0x02bc808c
                                                                                                          0x02bc8094
                                                                                                          0x02bc8098
                                                                                                          0x02bc80a0
                                                                                                          0x02bc80ab
                                                                                                          0x02bc80b6
                                                                                                          0x02bc80c1
                                                                                                          0x02bc80c9
                                                                                                          0x02bc80d5
                                                                                                          0x02bc80da
                                                                                                          0x02bc80e0
                                                                                                          0x02bc80e8
                                                                                                          0x02bc80f0
                                                                                                          0x02bc80fd
                                                                                                          0x02bc80fe
                                                                                                          0x02bc8102
                                                                                                          0x02bc810a
                                                                                                          0x02bc8115
                                                                                                          0x02bc8120
                                                                                                          0x02bc812b
                                                                                                          0x02bc8136
                                                                                                          0x02bc8141
                                                                                                          0x02bc814c
                                                                                                          0x02bc8154
                                                                                                          0x02bc815c
                                                                                                          0x02bc8161
                                                                                                          0x02bc8169
                                                                                                          0x02bc8171
                                                                                                          0x02bc817c
                                                                                                          0x02bc8187
                                                                                                          0x02bc8192
                                                                                                          0x02bc819a
                                                                                                          0x02bc81a7
                                                                                                          0x02bc81b1
                                                                                                          0x02bc81b5
                                                                                                          0x02bc81bd
                                                                                                          0x02bc81c7
                                                                                                          0x02bc81d4
                                                                                                          0x02bc81e1
                                                                                                          0x02bc81e9
                                                                                                          0x02bc81f1
                                                                                                          0x02bc81fd
                                                                                                          0x02bc81fe
                                                                                                          0x02bc8202
                                                                                                          0x02bc820a
                                                                                                          0x02bc8212
                                                                                                          0x02bc821a
                                                                                                          0x02bc821f
                                                                                                          0x02bc8227
                                                                                                          0x02bc822f
                                                                                                          0x02bc8237
                                                                                                          0x02bc823c
                                                                                                          0x02bc8244
                                                                                                          0x02bc824c
                                                                                                          0x02bc8254
                                                                                                          0x02bc825c
                                                                                                          0x02bc8264
                                                                                                          0x02bc826c
                                                                                                          0x02bc8277
                                                                                                          0x02bc827f
                                                                                                          0x02bc828a
                                                                                                          0x02bc8292
                                                                                                          0x02bc829a
                                                                                                          0x02bc82a2
                                                                                                          0x02bc82aa
                                                                                                          0x02bc82b5
                                                                                                          0x02bc82c0
                                                                                                          0x02bc82cb
                                                                                                          0x02bc82d6
                                                                                                          0x02bc82e1
                                                                                                          0x02bc82ec
                                                                                                          0x02bc82f7
                                                                                                          0x02bc82ff
                                                                                                          0x02bc830a
                                                                                                          0x02bc8312
                                                                                                          0x02bc8317
                                                                                                          0x02bc831f
                                                                                                          0x02bc8327
                                                                                                          0x02bc832f
                                                                                                          0x02bc8337
                                                                                                          0x02bc833c
                                                                                                          0x02bc8344
                                                                                                          0x02bc8357
                                                                                                          0x02bc835e
                                                                                                          0x02bc8369
                                                                                                          0x02bc8371
                                                                                                          0x02bc8379
                                                                                                          0x02bc837e
                                                                                                          0x02bc8386
                                                                                                          0x02bc8393
                                                                                                          0x02bc8397
                                                                                                          0x02bc839f
                                                                                                          0x02bc83a4
                                                                                                          0x02bc83ac
                                                                                                          0x02bc83b8
                                                                                                          0x02bc83ba
                                                                                                          0x02bc83be
                                                                                                          0x02bc83c6
                                                                                                          0x02bc83ce
                                                                                                          0x02bc83d6
                                                                                                          0x02bc83e4
                                                                                                          0x02bc8546
                                                                                                          0x02bc854b
                                                                                                          0x02bc8554
                                                                                                          0x02bc8558
                                                                                                          0x02bc85a1
                                                                                                          0x02bc85c1
                                                                                                          0x02bc85d0
                                                                                                          0x00000000
                                                                                                          0x02bc85f1
                                                                                                          0x02bc83ea
                                                                                                          0x02bc83ec
                                                                                                          0x02bc850a
                                                                                                          0x02bc850a
                                                                                                          0x02bc8510
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc85fe
                                                                                                          0x02bc85fe
                                                                                                          0x02bc85fe
                                                                                                          0x02bc8409
                                                                                                          0x02bc842e
                                                                                                          0x02bc8452
                                                                                                          0x02bc8457
                                                                                                          0x02bc8463
                                                                                                          0x02bc8467
                                                                                                          0x02bc84b6
                                                                                                          0x02bc84d6
                                                                                                          0x02bc84e2
                                                                                                          0x02bc84f1
                                                                                                          0x02bc84f6
                                                                                                          0x02bc84fb
                                                                                                          0x02bc8501
                                                                                                          0x00000000
                                                                                                          0x02bc8501
                                                                                                          0x00000000
                                                                                                          0x02bc84fb
                                                                                                          0x02bc8508
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$)p?M$>}#$Gqx$O"r$\f%0$^xZ$jz$o$}0
                                                                                                          • API String ID: 0-1313373530
                                                                                                          • Opcode ID: 9e720818691fe6e390b94abfe249ab97987646d2660f701b16eba3c4bc34e806
                                                                                                          • Instruction ID: 8cb40ab9fa8544b5c3c09d5715430b0f0407c1fb5a2c1fb7a17dc9ccb7ecc808
                                                                                                          • Opcode Fuzzy Hash: 9e720818691fe6e390b94abfe249ab97987646d2660f701b16eba3c4bc34e806
                                                                                                          • Instruction Fuzzy Hash: 5F12F2B15093819FD3A9CF21C949A9BFBE2FBC4708F10891DE1D996260D7B58909CF53
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB238C, Relevance: 11.7, Strings: 9, Instructions: 428COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 928 2bb238c-2bb2ad1 929 2bb2ad8-2bb2add 928->929 930 2bb2ae2-2bb2ae8 929->930 931 2bb2aee-2bb2af4 930->931 932 2bb2d22-2bb2d51 call 2bcc387 call 2bcbc6b 930->932 933 2bb2afa-2bb2afc 931->933 934 2bb2d78-2bb2dad call 2bc85ff 931->934 952 2bb2d56-2bb2d5c 932->952 937 2bb2b02-2bb2b04 933->937 938 2bb2d64-2bb2d76 933->938 947 2bb2ddf-2bb2de9 934->947 948 2bb2daf-2bb2dd2 call 2bd1538 934->948 943 2bb2b0a-2bb2b10 937->943 944 2bb2cb3-2bb2cee call 2bc017b 937->944 941 2bb2dd9-2bb2dde call 2bd1538 938->941 941->947 949 2bb2ca9-2bb2cae 943->949 950 2bb2b16-2bb2b1c 943->950 960 2bb2c89-2bb2c8b 944->960 961 2bb2cf0-2bb2d1d call 2bd1538 * 2 944->961 948->941 949->930 955 2bb2b1e-2bb2b24 950->955 956 2bb2b7c-2bb2c87 call 2bd0db1 call 2bc09dd call 2bbbaa9 call 2bce1f8 call 2bd2d0a call 2bcfecb call 2bbbfbe 950->956 952->930 958 2bb2d62 952->958 955->952 963 2bb2b2a-2bb2b2c 955->963 956->960 986 2bb2c90-2bb2ca4 956->986 958->947 960->929 961->960 966 2bb2b2e-2bb2b62 call 2bc9774 963->966 967 2bb2b72-2bb2b77 963->967 966->947 974 2bb2b68-2bb2b6d 966->974 967->930 974->929 986->930
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02BB238C(void* __ecx) {
				char _v524;
				char _v1044;
				char _v1564;
				intOrPtr _v1576;
				char _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				unsigned int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				signed int _v1768;
				signed int _v1772;
				signed int _v1776;
				signed int _v1780;
				signed int _v1784;
				signed int _v1788;
				signed int _v1792;
				void* _t472;
				void* _t474;
				void* _t477;
				void* _t481;
				void* _t496;
				signed int _t498;
				signed int _t499;
				signed int _t500;
				signed int _t501;
				signed int _t502;
				void* _t503;
				signed int _t507;
				signed int _t537;
				signed int _t548;
				void* _t550;
				void* _t555;

				_v1584 = _v1584 & 0x00000000;
				_v1788 = 0x33fdc0;
				_v1788 = _v1788 >> 6;
				_v1788 = _v1788 + 0xffff8381;
				_v1788 = _v1788 | 0x21bcf8d5;
				_v1788 = _v1788 ^ 0x23bcfbfd;
				_v1744 = 0xdaa9b2;
				_v1744 = _v1744 >> 0xa;
				_v1744 = _v1744 >> 0xd;
				_v1744 = _v1744 * 0xc;
				_t496 = __ecx;
				_v1744 = _v1744 ^ 0x00028d02;
				_t550 = 0x854d193;
				_v1632 = 0x7e6112;
				_v1632 = _v1632 << 4;
				_v1632 = _v1632 ^ 0x07e103ba;
				_v1716 = 0xd48fca;
				_v1716 = _v1716 + 0x54b9;
				_v1716 = _v1716 >> 3;
				_v1716 = _v1716 ^ 0x00172ea2;
				_v1612 = 0xc953de;
				_v1612 = _v1612 + 0xffff7488;
				_v1612 = _v1612 ^ 0x00c8e870;
				_v1660 = 0xfcf42a;
				_v1660 = _v1660 ^ 0x4c4ed76c;
				_v1660 = _v1660 ^ 0x4cb955ce;
				_v1600 = 0xa6934b;
				_v1600 = _v1600 >> 7;
				_v1600 = _v1600 ^ 0x00032972;
				_v1604 = 0xac816b;
				_t498 = 0x70;
				_v1604 = _v1604 * 0x21;
				_v1604 = _v1604 ^ 0x16380272;
				_v1696 = 0x6f97e6;
				_v1696 = _v1696 | 0xa083c342;
				_v1696 = _v1696 ^ 0x07d73a4d;
				_v1696 = _v1696 ^ 0xa73f6dc5;
				_v1684 = 0xc2049d;
				_v1684 = _v1684 << 5;
				_v1684 = _v1684 ^ 0x7749f8a8;
				_v1684 = _v1684 ^ 0x6f051565;
				_v1652 = 0xcc0992;
				_v1652 = _v1652 / _t498;
				_v1652 = _v1652 ^ 0x000062be;
				_v1644 = 0xb03f6e;
				_v1644 = _v1644 | 0x923ba096;
				_v1644 = _v1644 ^ 0x92bf0244;
				_v1596 = 0xe574f1;
				_t499 = 0x34;
				_v1596 = _v1596 * 0x7b;
				_v1596 = _v1596 ^ 0x6e3d68f9;
				_v1712 = 0x56ecc;
				_v1712 = _v1712 | 0x82f65ce8;
				_v1712 = _v1712 ^ 0x3fbbcfe7;
				_v1712 = _v1712 ^ 0xbd43ec0e;
				_v1672 = 0x17149a;
				_v1672 = _v1672 >> 3;
				_v1672 = _v1672 ^ 0x000903bb;
				_v1780 = 0xd02801;
				_v1780 = _v1780 + 0x92b0;
				_v1780 = _v1780 >> 2;
				_v1780 = _v1780 >> 2;
				_v1780 = _v1780 ^ 0x000a2638;
				_v1680 = 0x58b587;
				_v1680 = _v1680 / _t499;
				_t500 = 0x6c;
				_v1680 = _v1680 / _t500;
				_v1680 = _v1680 ^ 0x000e92c3;
				_v1756 = 0xa3a224;
				_v1756 = _v1756 + 0xffffb0d0;
				_v1756 = _v1756 | 0x22aa770c;
				_v1756 = _v1756 ^ 0xa1e09b61;
				_v1756 = _v1756 ^ 0x83433f26;
				_v1772 = 0x502a69;
				_v1772 = _v1772 + 0xf56b;
				_v1772 = _v1772 ^ 0x45c826e2;
				_v1772 = _v1772 << 3;
				_v1772 = _v1772 ^ 0x2cc29674;
				_v1704 = 0x78c4c8;
				_v1704 = _v1704 >> 5;
				_v1704 = _v1704 >> 0xb;
				_v1704 = _v1704 ^ 0x000284d1;
				_v1636 = 0x5a1a48;
				_v1636 = _v1636 | 0x49fffb3e;
				_v1636 = _v1636 ^ 0x49fe8be8;
				_v1740 = 0xbf037f;
				_v1740 = _v1740 << 0xe;
				_t501 = 0x25;
				_v1740 = _v1740 / _t501;
				_v1740 = _v1740 | 0xccccb3e4;
				_v1740 = _v1740 ^ 0xcdfabced;
				_v1688 = 0x95b1ca;
				_v1688 = _v1688 ^ 0x177e4a6b;
				_v1688 = _v1688 | 0x2f1db7c3;
				_v1688 = _v1688 ^ 0x3ffaee54;
				_v1592 = 0x55c9d;
				_v1592 = _v1592 + 0x6a7d;
				_v1592 = _v1592 ^ 0x0009fe3c;
				_v1628 = 0x3a227c;
				_v1628 = _v1628 + 0x86b1;
				_v1628 = _v1628 ^ 0x003b89cb;
				_v1588 = 0x8f964;
				_v1588 = _v1588 ^ 0xa28705c5;
				_v1588 = _v1588 ^ 0xa2875abd;
				_v1748 = 0xfacc7e;
				_v1748 = _v1748 >> 7;
				_v1748 = _v1748 << 5;
				_v1748 = _v1748 * 0x52;
				_v1748 = _v1748 ^ 0x141cbb89;
				_v1668 = 0x1ea707;
				_v1668 = _v1668 >> 9;
				_v1668 = _v1668 ^ 0x0009aede;
				_v1620 = 0x6a93f9;
				_v1620 = _v1620 * 0x2f;
				_v1620 = _v1620 ^ 0x139d0c16;
				_v1732 = 0xe0254d;
				_v1732 = _v1732 >> 5;
				_v1732 = _v1732 + 0x8d90;
				_v1732 = _v1732 ^ 0x6e303e8a;
				_v1732 = _v1732 ^ 0x6e36b510;
				_v1764 = 0x8f9e28;
				_v1764 = _v1764 | 0x05ab8c08;
				_v1764 = _v1764 ^ 0x1f734d6b;
				_v1764 = _v1764 | 0x4c44fbff;
				_v1764 = _v1764 ^ 0x5ed9dcbf;
				_v1664 = 0x89ae50;
				_v1664 = _v1664 + 0xffff7042;
				_v1664 = _v1664 ^ 0x008bcf93;
				_v1720 = 0x59414f;
				_v1720 = _v1720 ^ 0xb8de2fa2;
				_v1720 = _v1720 << 3;
				_v1720 = _v1720 ^ 0xc43925a0;
				_v1776 = 0x701ae5;
				_v1776 = _v1776 * 0x2f;
				_v1776 = _v1776 + 0xffff7ac3;
				_v1776 = _v1776 >> 0xd;
				_v1776 = _v1776 ^ 0x000eab5b;
				_v1784 = 0xc6ba99;
				_v1784 = _v1784 + 0xffff3dc8;
				_v1784 = _v1784 + 0xfffff02f;
				_v1784 = _v1784 << 0xa;
				_v1784 = _v1784 ^ 0x17a755e4;
				_v1648 = 0x49cca0;
				_v1648 = _v1648 << 0xe;
				_v1648 = _v1648 ^ 0x7324fd9e;
				_v1656 = 0xf258c2;
				_v1656 = _v1656 >> 9;
				_v1656 = _v1656 ^ 0x0001b893;
				_v1792 = 0x2c7b35;
				_t265 =  &_v1792; // 0x2c7b35
				_t502 = 0x5b;
				_v1792 =  *_t265 * 0xd;
				_v1792 = _v1792 << 2;
				_v1792 = _v1792 + 0x1495;
				_v1792 = _v1792 ^ 0x090f1a77;
				_v1768 = 0xbf4508;
				_v1768 = _v1768 / _t502;
				_v1768 = _v1768 * 0x7b;
				_v1768 = _v1768 * 0x6c;
				_v1768 = _v1768 ^ 0x6d142a82;
				_v1640 = 0xd70bb;
				_v1640 = _v1640 + 0xffffb965;
				_v1640 = _v1640 ^ 0x000d3816;
				_v1752 = 0x745b9d;
				_v1752 = _v1752 >> 0xb;
				_v1752 = _v1752 + 0xde80;
				_v1752 = _v1752 + 0xffff3192;
				_v1752 = _v1752 ^ 0x0008925b;
				_v1760 = 0xacf8cd;
				_v1760 = _v1760 + 0xffff9672;
				_v1760 = _v1760 | 0xf153a794;
				_v1760 = _v1760 >> 8;
				_v1760 = _v1760 ^ 0x00f89a8f;
				_v1736 = 0x809c29;
				_v1736 = _v1736 + 0xffffec2c;
				_v1736 = _v1736 | 0xf5f6afdc;
				_v1736 = _v1736 ^ 0xe29e6862;
				_v1736 = _v1736 ^ 0x176fe90e;
				_v1692 = 0x187f09;
				_v1692 = _v1692 ^ 0xea03092e;
				_v1692 = _v1692 + 0x8629;
				_v1692 = _v1692 ^ 0xea1b0891;
				_v1616 = 0xdadf05;
				_v1616 = _v1616 >> 3;
				_v1616 = _v1616 ^ 0x001b90e7;
				_v1700 = 0x255f4a;
				_v1700 = _v1700 + 0x19d8;
				_v1700 = _v1700 * 0x77;
				_v1700 = _v1700 ^ 0x1164c06a;
				_v1728 = 0x19a192;
				_v1728 = _v1728 | 0x5ed50fa2;
				_v1728 = _v1728 + 0xffff411c;
				_v1728 = _v1728 | 0x02c614be;
				_v1728 = _v1728 ^ 0x5edf5bbc;
				_v1608 = 0x401b2;
				_v1608 = _v1608 | 0xbe85eb48;
				_v1608 = _v1608 ^ 0xbe8cf33f;
				_v1676 = 0x1ae3ab;
				_v1676 = _v1676 | 0xf7e0dbb3;
				_v1676 = _v1676 >> 4;
				_v1676 = _v1676 ^ 0x0f7cac70;
				_v1724 = 0xfdfaa3;
				_v1724 = _v1724 + 0xbcd0;
				_v1724 = _v1724 | 0x4b62528b;
				_v1724 = _v1724 ^ 0x4bf9131d;
				_v1708 = 0x8383c7;
				_v1708 = _v1708 >> 2;
				_v1708 = _v1708 + 0xffff26cd;
				_v1708 = _v1708 ^ 0x002bd4f5;
				_v1624 = 0xf208a5;
				_v1624 = _v1624 << 8;
				_v1624 = _v1624 ^ 0xf20fbad4;
				_t548 = _v1584;
				while(1) {
					L1:
					_t503 = 0x5394512;
					L2:
					while(_t550 != 0x36274) {
						if(_t550 == 0x34d5b0c) {
							_push(_t503);
							_t477 = E02BC85FF(_v1736, _v1692, __eflags,  &_v1580, 0,  &_v1564, _v1616, 0, _v1700);
							__eflags = _t477;
							if(_t477 == 0) {
								L26:
								return _t477;
							}
							E02BD1538(_v1728, _v1608, _v1580);
							_t537 = _v1724;
							_push(_v1576);
							_t507 = _v1676;
							L25:
							return E02BD1538(_t507, _t537);
						}
						if(_t550 == 0x37ad1c9) {
							_t537 = _v1624;
							_push(_v1584);
							_t507 = _v1708;
							goto L25;
						}
						if(_t550 == _t503) {
							_push(_v1792);
							_t481 = E02BC017B( &_v1564, _v1776, _t503, _v1784, _v1648, _v1584,  &_v1580, _v1656);
							_t555 = _t555 + 0x20;
							__eflags = _t481;
							if(__eflags != 0) {
								E02BD1538(_v1768, _v1640, _v1580);
								E02BD1538(_v1752, _v1760, _v1576);
							}
							L14:
							_t550 = 0x37ad1c9;
							while(1) {
								L1:
								_t503 = 0x5394512;
								goto L2;
							}
						}
						if(_t550 == 0x854d193) {
							_t550 = 0x36274;
							continue;
						}
						if(_t550 == 0x9c7608b) {
							E02BD0DB1(_v1696,  &_v1044, __eflags, _v1684, _t503, _v1652);
							 *((short*)(E02BC09DD(_v1644,  &_v1044, _v1596, _v1712))) = 0;
							E02BBBAA9(_v1672, _v1780, __eflags, _v1680, _v1756,  &_v524);
							_push(_v1740);
							_push(_v1636);
							_push(_v1704);
							E02BD2D0A(_v1592, __eflags,  &_v524, _v1628, _v1588, _v1748, 0x2bb18bc,  &_v1564,  &_v1044, E02BCE1F8(0x2bb18bc, _v1772, __eflags));
							E02BCFECB(_t488, _v1668, _v1620, _v1732, _v1764);
							_t555 = _t555 + 0x58;
							__eflags = E02BBBFBE( &_v1564, _t496, _v1720);
							if(__eflags != 0) {
								_t474 = 0x2f41e48;
								__eflags = _t548 - 0x2f41e48;
								_t503 = 0x5394512;
								_t550 =  ==  ? 0x5394512 : 0x34d5b0c;
								continue;
							}
							goto L14;
						}
						if(_t550 != 0xf62a168) {
							L20:
							__eflags = _t550 - 0x4f1a594;
							if(__eflags != 0) {
								continue;
							}
							return _t474;
						}
						if(_t548 != _t474) {
							_t550 = 0x9c7608b;
							continue;
						}
						_push(_v1788);
						_push( &_v1584);
						_t477 = E02BC9774(_v1612, _v1660, _v1600, _t503, _v1604, _t503);
						_t555 = _t555 + 0x18;
						if(_t477 == 0) {
							goto L26;
						}
						_t550 = 0x9c7608b;
						goto L1;
					}
					_t472 = E02BCC387(_t503);
					__eflags = _t472 - E02BCBC6B();
					_t474 = 0x2f41e48;
					_t550 = 0xf62a168;
					_t548 =  !=  ? 0x2f41e48 : 0x95df4e1;
					_t503 = 0x5394512;
					goto L20;
				}
			}













































































                                                                                                          0x02bb2392
                                                                                                          0x02bb239c
                                                                                                          0x02bb23a4
                                                                                                          0x02bb23a9
                                                                                                          0x02bb23b1
                                                                                                          0x02bb23b9
                                                                                                          0x02bb23c1
                                                                                                          0x02bb23c9
                                                                                                          0x02bb23ce
                                                                                                          0x02bb23dc
                                                                                                          0x02bb23e0
                                                                                                          0x02bb23e2
                                                                                                          0x02bb23ea
                                                                                                          0x02bb23ef
                                                                                                          0x02bb23fa
                                                                                                          0x02bb2402
                                                                                                          0x02bb240d
                                                                                                          0x02bb2415
                                                                                                          0x02bb241d
                                                                                                          0x02bb2422
                                                                                                          0x02bb242a
                                                                                                          0x02bb2435
                                                                                                          0x02bb2440
                                                                                                          0x02bb244b
                                                                                                          0x02bb2456
                                                                                                          0x02bb2461
                                                                                                          0x02bb246c
                                                                                                          0x02bb2477
                                                                                                          0x02bb247f
                                                                                                          0x02bb248a
                                                                                                          0x02bb249f
                                                                                                          0x02bb24a2
                                                                                                          0x02bb24a9
                                                                                                          0x02bb24b4
                                                                                                          0x02bb24bc
                                                                                                          0x02bb24c4
                                                                                                          0x02bb24cc
                                                                                                          0x02bb24d4
                                                                                                          0x02bb24df
                                                                                                          0x02bb24e7
                                                                                                          0x02bb24f2
                                                                                                          0x02bb24fd
                                                                                                          0x02bb2513
                                                                                                          0x02bb251a
                                                                                                          0x02bb2525
                                                                                                          0x02bb2530
                                                                                                          0x02bb253b
                                                                                                          0x02bb2546
                                                                                                          0x02bb2559
                                                                                                          0x02bb255a
                                                                                                          0x02bb2561
                                                                                                          0x02bb256c
                                                                                                          0x02bb2574
                                                                                                          0x02bb257c
                                                                                                          0x02bb2584
                                                                                                          0x02bb258c
                                                                                                          0x02bb2597
                                                                                                          0x02bb259f
                                                                                                          0x02bb25aa
                                                                                                          0x02bb25b2
                                                                                                          0x02bb25ba
                                                                                                          0x02bb25bf
                                                                                                          0x02bb25c4
                                                                                                          0x02bb25cc
                                                                                                          0x02bb25e0
                                                                                                          0x02bb25f2
                                                                                                          0x02bb25f7
                                                                                                          0x02bb2600
                                                                                                          0x02bb260b
                                                                                                          0x02bb2613
                                                                                                          0x02bb261b
                                                                                                          0x02bb2623
                                                                                                          0x02bb262b
                                                                                                          0x02bb2633
                                                                                                          0x02bb263b
                                                                                                          0x02bb2643
                                                                                                          0x02bb264b
                                                                                                          0x02bb2650
                                                                                                          0x02bb2658
                                                                                                          0x02bb2660
                                                                                                          0x02bb2665
                                                                                                          0x02bb266a
                                                                                                          0x02bb2672
                                                                                                          0x02bb267d
                                                                                                          0x02bb2688
                                                                                                          0x02bb2693
                                                                                                          0x02bb269b
                                                                                                          0x02bb26a4
                                                                                                          0x02bb26a7
                                                                                                          0x02bb26ab
                                                                                                          0x02bb26b3
                                                                                                          0x02bb26bb
                                                                                                          0x02bb26c3
                                                                                                          0x02bb26cb
                                                                                                          0x02bb26d3
                                                                                                          0x02bb26db
                                                                                                          0x02bb26e6
                                                                                                          0x02bb26f1
                                                                                                          0x02bb26fc
                                                                                                          0x02bb2707
                                                                                                          0x02bb2712
                                                                                                          0x02bb271d
                                                                                                          0x02bb2728
                                                                                                          0x02bb2733
                                                                                                          0x02bb273e
                                                                                                          0x02bb2746
                                                                                                          0x02bb274b
                                                                                                          0x02bb2755
                                                                                                          0x02bb2759
                                                                                                          0x02bb2761
                                                                                                          0x02bb276c
                                                                                                          0x02bb2774
                                                                                                          0x02bb277f
                                                                                                          0x02bb2792
                                                                                                          0x02bb2799
                                                                                                          0x02bb27a4
                                                                                                          0x02bb27ac
                                                                                                          0x02bb27b1
                                                                                                          0x02bb27b9
                                                                                                          0x02bb27c1
                                                                                                          0x02bb27c9
                                                                                                          0x02bb27d1
                                                                                                          0x02bb27d9
                                                                                                          0x02bb27e1
                                                                                                          0x02bb27e9
                                                                                                          0x02bb27f1
                                                                                                          0x02bb27fc
                                                                                                          0x02bb2807
                                                                                                          0x02bb2812
                                                                                                          0x02bb281a
                                                                                                          0x02bb2822
                                                                                                          0x02bb2827
                                                                                                          0x02bb282f
                                                                                                          0x02bb283c
                                                                                                          0x02bb2840
                                                                                                          0x02bb2848
                                                                                                          0x02bb284d
                                                                                                          0x02bb2857
                                                                                                          0x02bb285f
                                                                                                          0x02bb2867
                                                                                                          0x02bb286f
                                                                                                          0x02bb2874
                                                                                                          0x02bb287c
                                                                                                          0x02bb2887
                                                                                                          0x02bb288f
                                                                                                          0x02bb289a
                                                                                                          0x02bb28a5
                                                                                                          0x02bb28ad
                                                                                                          0x02bb28b8
                                                                                                          0x02bb28c0
                                                                                                          0x02bb28c7
                                                                                                          0x02bb28c8
                                                                                                          0x02bb28cc
                                                                                                          0x02bb28d1
                                                                                                          0x02bb28d9
                                                                                                          0x02bb28e1
                                                                                                          0x02bb28ef
                                                                                                          0x02bb28f8
                                                                                                          0x02bb2901
                                                                                                          0x02bb2905
                                                                                                          0x02bb290d
                                                                                                          0x02bb2918
                                                                                                          0x02bb2923
                                                                                                          0x02bb292e
                                                                                                          0x02bb2936
                                                                                                          0x02bb293b
                                                                                                          0x02bb2943
                                                                                                          0x02bb294b
                                                                                                          0x02bb2953
                                                                                                          0x02bb295b
                                                                                                          0x02bb2963
                                                                                                          0x02bb296b
                                                                                                          0x02bb2970
                                                                                                          0x02bb2978
                                                                                                          0x02bb2980
                                                                                                          0x02bb2988
                                                                                                          0x02bb2990
                                                                                                          0x02bb2998
                                                                                                          0x02bb29a0
                                                                                                          0x02bb29a8
                                                                                                          0x02bb29b0
                                                                                                          0x02bb29b8
                                                                                                          0x02bb29c0
                                                                                                          0x02bb29cb
                                                                                                          0x02bb29d3
                                                                                                          0x02bb29de
                                                                                                          0x02bb29e6
                                                                                                          0x02bb29f3
                                                                                                          0x02bb29f7
                                                                                                          0x02bb29ff
                                                                                                          0x02bb2a07
                                                                                                          0x02bb2a0f
                                                                                                          0x02bb2a17
                                                                                                          0x02bb2a1f
                                                                                                          0x02bb2a27
                                                                                                          0x02bb2a32
                                                                                                          0x02bb2a3d
                                                                                                          0x02bb2a48
                                                                                                          0x02bb2a53
                                                                                                          0x02bb2a5e
                                                                                                          0x02bb2a66
                                                                                                          0x02bb2a71
                                                                                                          0x02bb2a79
                                                                                                          0x02bb2a81
                                                                                                          0x02bb2a89
                                                                                                          0x02bb2a91
                                                                                                          0x02bb2a99
                                                                                                          0x02bb2a9e
                                                                                                          0x02bb2aa6
                                                                                                          0x02bb2aae
                                                                                                          0x02bb2ab9
                                                                                                          0x02bb2ac6
                                                                                                          0x02bb2ad1
                                                                                                          0x02bb2ad8
                                                                                                          0x02bb2ad8
                                                                                                          0x02bb2add
                                                                                                          0x00000000
                                                                                                          0x02bb2ae2
                                                                                                          0x02bb2af4
                                                                                                          0x02bb2d78
                                                                                                          0x02bb2da3
                                                                                                          0x02bb2dab
                                                                                                          0x02bb2dad
                                                                                                          0x02bb2de9
                                                                                                          0x02bb2de9
                                                                                                          0x02bb2de9
                                                                                                          0x02bb2dc1
                                                                                                          0x02bb2dc6
                                                                                                          0x02bb2dcb
                                                                                                          0x02bb2dd2
                                                                                                          0x02bb2dd9
                                                                                                          0x00000000
                                                                                                          0x02bb2dde
                                                                                                          0x02bb2afc
                                                                                                          0x02bb2d64
                                                                                                          0x02bb2d6b
                                                                                                          0x02bb2d72
                                                                                                          0x00000000
                                                                                                          0x02bb2d72
                                                                                                          0x02bb2b04
                                                                                                          0x02bb2cb3
                                                                                                          0x02bb2ce4
                                                                                                          0x02bb2ce9
                                                                                                          0x02bb2cec
                                                                                                          0x02bb2cee
                                                                                                          0x02bb2d02
                                                                                                          0x02bb2d17
                                                                                                          0x02bb2d1c
                                                                                                          0x02bb2c89
                                                                                                          0x02bb2c89
                                                                                                          0x02bb2ad8
                                                                                                          0x02bb2ad8
                                                                                                          0x02bb2add
                                                                                                          0x00000000
                                                                                                          0x02bb2add
                                                                                                          0x02bb2ad8
                                                                                                          0x02bb2b10
                                                                                                          0x02bb2ca9
                                                                                                          0x00000000
                                                                                                          0x02bb2ca9
                                                                                                          0x02bb2b1c
                                                                                                          0x02bb2b99
                                                                                                          0x02bb2bc1
                                                                                                          0x02bb2be2
                                                                                                          0x02bb2bef
                                                                                                          0x02bb2bf3
                                                                                                          0x02bb2bfa
                                                                                                          0x02bb2c46
                                                                                                          0x02bb2c63
                                                                                                          0x02bb2c68
                                                                                                          0x02bb2c85
                                                                                                          0x02bb2c87
                                                                                                          0x02bb2c90
                                                                                                          0x02bb2c9a
                                                                                                          0x02bb2c9c
                                                                                                          0x02bb2ca1
                                                                                                          0x00000000
                                                                                                          0x02bb2ca1
                                                                                                          0x00000000
                                                                                                          0x02bb2c87
                                                                                                          0x02bb2b24
                                                                                                          0x02bb2d56
                                                                                                          0x02bb2d56
                                                                                                          0x02bb2d5c
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb2d5c
                                                                                                          0x02bb2b2c
                                                                                                          0x02bb2b72
                                                                                                          0x00000000
                                                                                                          0x02bb2b72
                                                                                                          0x02bb2b2e
                                                                                                          0x02bb2b39
                                                                                                          0x02bb2b58
                                                                                                          0x02bb2b5d
                                                                                                          0x02bb2b62
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb2b68
                                                                                                          0x00000000
                                                                                                          0x02bb2b68
                                                                                                          0x02bb2d31
                                                                                                          0x02bb2d3d
                                                                                                          0x02bb2d44
                                                                                                          0x02bb2d49
                                                                                                          0x02bb2d4e
                                                                                                          0x02bb2d51
                                                                                                          0x00000000
                                                                                                          0x02bb2d51

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$5{,$8&$J_%$M%$OAY$i*P$|":$}j
                                                                                                          • API String ID: 0-2024644708
                                                                                                          • Opcode ID: 46593c43935276f6d16e4f23aab0a56367594df23e4c86898450550be9cc2bdd
                                                                                                          • Instruction ID: 86be5285dce07eea4ceff69c4d5fce300664fa4158a641dca3ef6325aa23c752
                                                                                                          • Opcode Fuzzy Hash: 46593c43935276f6d16e4f23aab0a56367594df23e4c86898450550be9cc2bdd
                                                                                                          • Instruction Fuzzy Hash: 15321F714097819FD379CF61C58AB9BBBE2BBC4308F50891DE6DA96220D7B18949CF13
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCB257, Relevance: 11.7, Strings: 9, Instructions: 425COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 67%
                                                                                                          			E02BCB257(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v4;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				unsigned int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				intOrPtr _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				intOrPtr _t442;
				void* _t450;
				signed int _t452;
				intOrPtr _t464;
				signed int _t466;
				signed int _t467;
				signed int _t468;
				signed int _t469;
				signed int _t470;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				intOrPtr _t476;
				void* _t511;
				intOrPtr* _t519;
				signed int _t522;
				signed int* _t528;
				void* _t531;

				_push(_a8);
				_push(_a4);
				_v16 = __ecx;
				_push(__edx);
				_push(__ecx);
				E02BCFE29(__ecx);
				_v104 = 0xdca0c2;
				_t528 =  &(( &_v196)[4]);
				_v104 = _v104 ^ 0x20eddded;
				_v104 = _v104 + 0xc1e4;
				_t464 = 0;
				_v104 = _v104 ^ 0x20323f12;
				_t526 = 0;
				_v100 = 0xb7a414;
				_t522 = 0x63dbfd2;
				_v100 = _v100 >> 0xd;
				_v100 = _v100 >> 6;
				_v100 = _v100 ^ 0x00000017;
				_v56 = 0x45a952;
				_t466 = 0x59;
				_v56 = _v56 * 0x5b;
				_v56 = _v56 ^ 0x18c33027;
				_v188 = 0x2a9354;
				_v188 = _v188 * 0x52;
				_v188 = _v188 + 0xffff09d3;
				_v188 = _v188 ^ 0x657f446d;
				_v188 = _v188 ^ 0x68d207a2;
				_v156 = 0xab48ef;
				_v156 = _v156 >> 9;
				_v156 = _v156 ^ 0x16e9b314;
				_v156 = _v156 + 0xffff4dee;
				_v156 = _v156 ^ 0x16e86217;
				_v76 = 0xa04b9d;
				_v76 = _v76 / _t466;
				_v76 = _v76 + 0xffff95c9;
				_v76 = _v76 ^ 0x000bb2f5;
				_v96 = 0x5e9ce7;
				_v96 = _v96 >> 0xb;
				_v96 = _v96 + 0x393b;
				_v96 = _v96 ^ 0x0008104f;
				_v168 = 0x9b8ea1;
				_v168 = _v168 >> 3;
				_v168 = _v168 ^ 0x41b76bd4;
				_t467 = 0x4a;
				_v168 = _v168 / _t467;
				_v168 = _v168 ^ 0x00e0763a;
				_v84 = 0x6b9fd8;
				_v84 = _v84 + 0xffff492d;
				_v84 = _v84 ^ 0xc4f61535;
				_v84 = _v84 ^ 0xc49355d0;
				_v92 = 0xe62d26;
				_v92 = _v92 + 0xffffd3ae;
				_v92 = _v92 + 0xba25;
				_v92 = _v92 ^ 0x00e8488b;
				_v176 = 0x224b80;
				_v176 = _v176 * 0x64;
				_v176 = _v176 + 0xbfa2;
				_v176 = _v176 ^ 0x4d1eb270;
				_v176 = _v176 ^ 0x4076c61f;
				_v24 = 0x19cf70;
				_v24 = _v24 ^ 0x9000781e;
				_v24 = _v24 ^ 0x90166967;
				_v88 = 0x46d2d8;
				_v88 = _v88 << 0xd;
				_v88 = _v88 + 0x562b;
				_v88 = _v88 ^ 0xda50dff0;
				_v112 = 0x785cae;
				_v112 = _v112 ^ 0x168a73c4;
				_v112 = _v112 | 0x1d89c9b4;
				_v112 = _v112 ^ 0x1ff91637;
				_v196 = 0xff4614;
				_t468 = 0x5f;
				_v196 = _v196 / _t468;
				_v196 = _v196 + 0x757b;
				_t469 = 0x16;
				_v196 = _v196 * 0x60;
				_v196 = _v196 ^ 0x012524f0;
				_v80 = 0xc3120d;
				_v80 = _v80 | 0x1e4982bc;
				_v80 = _v80 * 0x7e;
				_v80 = _v80 ^ 0x2837c3c2;
				_v120 = 0xd97d0d;
				_v120 = _v120 << 0xd;
				_v120 = _v120 + 0x504;
				_v120 = _v120 ^ 0x2fa67262;
				_v172 = 0x34730a;
				_t142 =  &_v172; // 0x34730a
				_v172 =  *_t142 * 0x22;
				_t144 =  &_v172; // 0x34730a
				_v172 =  *_t144 / _t469;
				_v172 = _v172 << 8;
				_v172 = _v172 ^ 0x5108b0e0;
				_v68 = 0x5410d;
				_v68 = _v68 | 0x0af8be45;
				_v68 = _v68 << 4;
				_v68 = _v68 ^ 0xafd73693;
				_v40 = 0x3314ee;
				_v40 = _v40 << 6;
				_v40 = _v40 ^ 0x0cc221f8;
				_v148 = 0xdcf092;
				_v148 = _v148 >> 2;
				_t470 = 0x7d;
				_v148 = _v148 * 7;
				_v148 = _v148 ^ 0xc025e338;
				_v148 = _v148 ^ 0xc1a4d56b;
				_v48 = 0x99791e;
				_v48 = _v48 + 0xd07a;
				_v48 = _v48 ^ 0x009468bf;
				_v20 = 0xfa3426;
				_v20 = _v20 * 0x2f;
				_v20 = _v20 ^ 0x2dec6acf;
				_v128 = 0x599df;
				_v128 = _v128 / _t470;
				_v128 = _v128 ^ 0x7679aa05;
				_v128 = _v128 ^ 0x7675df44;
				_v124 = 0xbc7529;
				_t471 = 0x70;
				_v124 = _v124 / _t471;
				_v124 = _v124 * 5;
				_v124 = _v124 ^ 0x00024b90;
				_v140 = 0x23c06e;
				_v140 = _v140 << 8;
				_v140 = _v140 + 0xffff4990;
				_v140 = _v140 ^ 0x23b90b70;
				_v32 = 0x48411;
				_v32 = _v32 >> 0xd;
				_v32 = _v32 ^ 0x000cf15b;
				_v28 = 0x8f257d;
				_v28 = _v28 >> 0xa;
				_v28 = _v28 ^ 0x00045aca;
				_v72 = 0xc5b926;
				_t472 = 0x25;
				_v72 = _v72 * 0xd;
				_v72 = _v72 + 0x5de2;
				_v72 = _v72 ^ 0x0a0d42ec;
				_v52 = 0xb82feb;
				_v52 = _v52 / _t472;
				_v52 = _v52 ^ 0x000a7562;
				_v192 = 0x93d477;
				_v192 = _v192 + 0x2145;
				_v192 = _v192 >> 9;
				_t473 = 0x79;
				_v192 = _v192 / _t473;
				_v192 = _v192 ^ 0x000494fa;
				_v60 = 0xdd5e00;
				_v60 = _v60 + 0xe8be;
				_v60 = _v60 ^ 0x00d904e2;
				_v116 = 0xf92f20;
				_v116 = _v116 << 2;
				_v116 = _v116 + 0xffff4fca;
				_v116 = _v116 ^ 0x03e480d1;
				_v108 = 0xc8e556;
				_v108 = _v108 << 0xe;
				_v108 = _v108 | 0x9333dae4;
				_v108 = _v108 ^ 0xbb75d6e6;
				_v184 = 0xf22b18;
				_v184 = _v184 + 0xffff5aea;
				_v184 = _v184 ^ 0x0621037b;
				_v184 = _v184 + 0xffff0635;
				_v184 = _v184 ^ 0x06c19238;
				_v36 = 0xa8ef7f;
				_v36 = _v36 + 0xffff4107;
				_v36 = _v36 ^ 0x00ab8625;
				_v44 = 0xa6062e;
				_v44 = _v44 << 0xd;
				_v44 = _v44 ^ 0xc0ced932;
				_v180 = 0x5e49fc;
				_v180 = _v180 + 0x375b;
				_v180 = _v180 << 2;
				_t474 = 0x74;
				_v180 = _v180 * 0x1c;
				_v180 = _v180 ^ 0x2957b537;
				_v164 = 0x531cb2;
				_v164 = _v164 << 0xf;
				_v164 = _v164 ^ 0x1fcb8a78;
				_v164 = _v164 / _t474;
				_v164 = _v164 ^ 0x014b6a45;
				_v64 = 0x492d9e;
				_v64 = _v64 ^ 0x2124760e;
				_v64 = _v64 ^ 0x216a5ba9;
				_v132 = 0x711783;
				_v132 = _v132 | 0x71acd4bd;
				_v132 = _v132 + 0x97cf;
				_v132 = _v132 ^ 0x71fa50e2;
				_v152 = 0xb0a3b1;
				_v152 = _v152 ^ 0xa6c9b18c;
				_t475 = 0x5e;
				_v152 = _v152 / _t475;
				_v152 = _v152 / _t475;
				_v152 = _v152 ^ 0x0003c09f;
				_v136 = 0xe5fa51;
				_v136 = _v136 + 0xde7e;
				_v136 = _v136 + 0xffffe7ef;
				_v136 = _v136 ^ 0x00ec445b;
				_t519 = _v12;
				while(1) {
					L1:
					_t442 = _v144;
					while(1) {
						L2:
						while(1) {
							L3:
							_t476 = _v160;
							while(1) {
								L4:
								_t531 = _t522 - 0x93283d2;
								if(_t531 > 0) {
									break;
								}
								if(_t531 == 0) {
									return E02BD2B09(_v132, _t464, _v152, _v136);
								}
								if(_t522 == 0x6c245) {
									_push( &_v12);
									_push(_t464);
									_push(_t476);
									_push(_v68);
									_push(_v172);
									_push(_v120);
									_push(_v80);
									_push(_t476);
									_push(_v196);
									_push(_t476);
									_push(_v112);
									_push(_v88);
									_push(_v16);
									_t450 = E02BBFA95( &_v8, _v24);
									_t528 = _t528 - 0xc + 0x40;
									if(_t450 == 0) {
										L25:
										_t522 = 0x635125b;
										while(1) {
											L1:
											_t442 = _v144;
											goto L2;
										}
									} else {
										_t452 = E02BBDC1B( &_v8);
										_t522 = 0x4f2b403;
										_t442 = _v12 * 0x2c + _t464;
										_v144 = _t442;
										_t519 =  >=  ? _t464 : (_t452 & 0x0000001f) * 0x2c + _t464;
										goto L2;
									}
									L34:
								} else {
									if(_t522 == 0x4f2b403) {
										_t476 = E02BBEE62(_v148, _v16, _v48, _v20, _v128, _v56,  *_t519);
										_t528 =  &(_t528[5]);
										_t442 = _v144;
										_v160 = _t476;
										_t511 = 0xe34a72e;
										_t522 =  !=  ? 0xe34a72e : 0xced26bb;
										continue;
									} else {
										if(_t522 == 0x635125b) {
											E02BD2B09(_v180, _t526, _v164, _v64);
											_t522 = 0x93283d2;
											while(1) {
												L1:
												_t442 = _v144;
												goto L2;
											}
										} else {
											if(_t522 == 0x63dbfd2) {
												_t522 = 0x8a8e175;
												continue;
											} else {
												if(_t522 != 0x8a8e175) {
													L30:
													if(_t522 != 0xfb7e38f) {
														_t442 = _v144;
														goto L3;
													}
												} else {
													_push(_t476);
													_push(_t476);
													_t442 = E02BBC5D8(0x20000);
													_t464 = _t442;
													_t528 =  &(_t528[3]);
													if(_t464 != 0) {
														_t522 = 0x965da6a;
														while(1) {
															L1:
															_t442 = _v144;
															L2:
															L3:
															_t476 = _v160;
															goto L4;
														}
													}
												}
											}
										}
									}
								}
								L33:
								return _t442;
								goto L34;
							}
							if(_t522 == 0x965da6a) {
								_push(_t476);
								_push(_t476);
								_t442 = E02BBC5D8(0x2000);
								_t526 = _t442;
								_t528 =  &(_t528[3]);
								if(_t442 == 0) {
									_t522 = 0x93283d2;
									goto L29;
								} else {
									_t522 = 0x6c245;
									goto L1;
								}
							} else {
								if(_t522 == 0xbf0ab43) {
									E02BBC3A7(_v100, _a8, _v108, _v184, _t526, _v36, _v44);
									_t528 =  &(_t528[5]);
									goto L25;
								} else {
									if(_t522 == 0xced26bb) {
										_t519 = _t519 + 0x2c;
										asm("sbb esi, esi");
										_t522 = (_t522 & 0xfebda1a8) + 0x635125b;
										goto L4;
									} else {
										if(_t522 == _t511) {
											E02BCFD4E(_v124, _v140, _v32, _v28,  &_v4, _v72, _t476, _v104, _t526);
											_t522 =  !=  ? 0xbf0ab43 : 0xced26bb;
											_t442 = E02BB3046(_v52, _v192, _v60, _v160, _v116);
											_t528 =  &(_t528[0xb]);
											L29:
											_t511 = 0xe34a72e;
										}
										goto L30;
									}
								}
							}
							goto L33;
						}
					}
				}
			}








































































                                                                                                          0x02bcb261
                                                                                                          0x02bcb26a
                                                                                                          0x02bcb271
                                                                                                          0x02bcb278
                                                                                                          0x02bcb279
                                                                                                          0x02bcb27a
                                                                                                          0x02bcb27f
                                                                                                          0x02bcb287
                                                                                                          0x02bcb28a
                                                                                                          0x02bcb294
                                                                                                          0x02bcb29c
                                                                                                          0x02bcb29e
                                                                                                          0x02bcb2a6
                                                                                                          0x02bcb2a8
                                                                                                          0x02bcb2b0
                                                                                                          0x02bcb2b5
                                                                                                          0x02bcb2ba
                                                                                                          0x02bcb2bf
                                                                                                          0x02bcb2c4
                                                                                                          0x02bcb2d9
                                                                                                          0x02bcb2dc
                                                                                                          0x02bcb2e3
                                                                                                          0x02bcb2ee
                                                                                                          0x02bcb2fb
                                                                                                          0x02bcb2ff
                                                                                                          0x02bcb307
                                                                                                          0x02bcb30f
                                                                                                          0x02bcb317
                                                                                                          0x02bcb31f
                                                                                                          0x02bcb324
                                                                                                          0x02bcb32c
                                                                                                          0x02bcb334
                                                                                                          0x02bcb33c
                                                                                                          0x02bcb352
                                                                                                          0x02bcb359
                                                                                                          0x02bcb364
                                                                                                          0x02bcb36f
                                                                                                          0x02bcb377
                                                                                                          0x02bcb37c
                                                                                                          0x02bcb384
                                                                                                          0x02bcb38c
                                                                                                          0x02bcb394
                                                                                                          0x02bcb399
                                                                                                          0x02bcb3a5
                                                                                                          0x02bcb3a8
                                                                                                          0x02bcb3ac
                                                                                                          0x02bcb3b4
                                                                                                          0x02bcb3bf
                                                                                                          0x02bcb3ca
                                                                                                          0x02bcb3d5
                                                                                                          0x02bcb3e0
                                                                                                          0x02bcb3e8
                                                                                                          0x02bcb3f0
                                                                                                          0x02bcb3f8
                                                                                                          0x02bcb400
                                                                                                          0x02bcb40d
                                                                                                          0x02bcb411
                                                                                                          0x02bcb419
                                                                                                          0x02bcb421
                                                                                                          0x02bcb429
                                                                                                          0x02bcb434
                                                                                                          0x02bcb43f
                                                                                                          0x02bcb44a
                                                                                                          0x02bcb452
                                                                                                          0x02bcb457
                                                                                                          0x02bcb45f
                                                                                                          0x02bcb469
                                                                                                          0x02bcb471
                                                                                                          0x02bcb479
                                                                                                          0x02bcb481
                                                                                                          0x02bcb489
                                                                                                          0x02bcb497
                                                                                                          0x02bcb49c
                                                                                                          0x02bcb4a2
                                                                                                          0x02bcb4af
                                                                                                          0x02bcb4b2
                                                                                                          0x02bcb4b6
                                                                                                          0x02bcb4be
                                                                                                          0x02bcb4c9
                                                                                                          0x02bcb4dc
                                                                                                          0x02bcb4e3
                                                                                                          0x02bcb4ee
                                                                                                          0x02bcb4f6
                                                                                                          0x02bcb4fb
                                                                                                          0x02bcb503
                                                                                                          0x02bcb50b
                                                                                                          0x02bcb513
                                                                                                          0x02bcb518
                                                                                                          0x02bcb51c
                                                                                                          0x02bcb524
                                                                                                          0x02bcb528
                                                                                                          0x02bcb52d
                                                                                                          0x02bcb535
                                                                                                          0x02bcb540
                                                                                                          0x02bcb54b
                                                                                                          0x02bcb553
                                                                                                          0x02bcb55e
                                                                                                          0x02bcb569
                                                                                                          0x02bcb571
                                                                                                          0x02bcb57c
                                                                                                          0x02bcb584
                                                                                                          0x02bcb58e
                                                                                                          0x02bcb591
                                                                                                          0x02bcb595
                                                                                                          0x02bcb59d
                                                                                                          0x02bcb5a5
                                                                                                          0x02bcb5b0
                                                                                                          0x02bcb5bb
                                                                                                          0x02bcb5c6
                                                                                                          0x02bcb5d9
                                                                                                          0x02bcb5e0
                                                                                                          0x02bcb5eb
                                                                                                          0x02bcb5fb
                                                                                                          0x02bcb5ff
                                                                                                          0x02bcb607
                                                                                                          0x02bcb60f
                                                                                                          0x02bcb61b
                                                                                                          0x02bcb61e
                                                                                                          0x02bcb627
                                                                                                          0x02bcb62b
                                                                                                          0x02bcb633
                                                                                                          0x02bcb63b
                                                                                                          0x02bcb640
                                                                                                          0x02bcb648
                                                                                                          0x02bcb650
                                                                                                          0x02bcb65b
                                                                                                          0x02bcb663
                                                                                                          0x02bcb670
                                                                                                          0x02bcb67b
                                                                                                          0x02bcb683
                                                                                                          0x02bcb68e
                                                                                                          0x02bcb6a3
                                                                                                          0x02bcb6a6
                                                                                                          0x02bcb6ad
                                                                                                          0x02bcb6b8
                                                                                                          0x02bcb6c3
                                                                                                          0x02bcb6d9
                                                                                                          0x02bcb6e0
                                                                                                          0x02bcb6eb
                                                                                                          0x02bcb6f3
                                                                                                          0x02bcb6fb
                                                                                                          0x02bcb704
                                                                                                          0x02bcb709
                                                                                                          0x02bcb70f
                                                                                                          0x02bcb717
                                                                                                          0x02bcb722
                                                                                                          0x02bcb72d
                                                                                                          0x02bcb738
                                                                                                          0x02bcb740
                                                                                                          0x02bcb745
                                                                                                          0x02bcb74d
                                                                                                          0x02bcb755
                                                                                                          0x02bcb75d
                                                                                                          0x02bcb762
                                                                                                          0x02bcb76a
                                                                                                          0x02bcb772
                                                                                                          0x02bcb77a
                                                                                                          0x02bcb782
                                                                                                          0x02bcb78a
                                                                                                          0x02bcb792
                                                                                                          0x02bcb79a
                                                                                                          0x02bcb7a5
                                                                                                          0x02bcb7b0
                                                                                                          0x02bcb7bb
                                                                                                          0x02bcb7c6
                                                                                                          0x02bcb7ce
                                                                                                          0x02bcb7d9
                                                                                                          0x02bcb7e1
                                                                                                          0x02bcb7e9
                                                                                                          0x02bcb7f3
                                                                                                          0x02bcb7f6
                                                                                                          0x02bcb7fa
                                                                                                          0x02bcb802
                                                                                                          0x02bcb80a
                                                                                                          0x02bcb80f
                                                                                                          0x02bcb81f
                                                                                                          0x02bcb823
                                                                                                          0x02bcb82b
                                                                                                          0x02bcb836
                                                                                                          0x02bcb841
                                                                                                          0x02bcb84c
                                                                                                          0x02bcb854
                                                                                                          0x02bcb85c
                                                                                                          0x02bcb864
                                                                                                          0x02bcb86c
                                                                                                          0x02bcb874
                                                                                                          0x02bcb880
                                                                                                          0x02bcb883
                                                                                                          0x02bcb88f
                                                                                                          0x02bcb893
                                                                                                          0x02bcb89b
                                                                                                          0x02bcb8a3
                                                                                                          0x02bcb8ab
                                                                                                          0x02bcb8b3
                                                                                                          0x02bcb8bb
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c6
                                                                                                          0x02bcb8c6
                                                                                                          0x02bcb8cb
                                                                                                          0x02bcb8cb
                                                                                                          0x02bcb8cb
                                                                                                          0x02bcb8cf
                                                                                                          0x02bcb8cf
                                                                                                          0x02bcb8cf
                                                                                                          0x02bcb8d5
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bcb8db
                                                                                                          0x00000000
                                                                                                          0x02bcbb8a
                                                                                                          0x02bcb8e7
                                                                                                          0x02bcb9c3
                                                                                                          0x02bcb9c4
                                                                                                          0x02bcb9c5
                                                                                                          0x02bcb9c6
                                                                                                          0x02bcb9cd
                                                                                                          0x02bcb9d1
                                                                                                          0x02bcb9d5
                                                                                                          0x02bcb9dc
                                                                                                          0x02bcb9dd
                                                                                                          0x02bcb9e1
                                                                                                          0x02bcb9e2
                                                                                                          0x02bcb9f3
                                                                                                          0x02bcba01
                                                                                                          0x02bcba08
                                                                                                          0x02bcba0d
                                                                                                          0x02bcba12
                                                                                                          0x02bcbb1f
                                                                                                          0x02bcbb1f
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c2
                                                                                                          0x00000000
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcba18
                                                                                                          0x02bcba1f
                                                                                                          0x02bcba27
                                                                                                          0x02bcba39
                                                                                                          0x02bcba3d
                                                                                                          0x02bcba41
                                                                                                          0x00000000
                                                                                                          0x02bcba41
                                                                                                          0x00000000
                                                                                                          0x02bcb8ed
                                                                                                          0x02bcb8f3
                                                                                                          0x02bcb99b
                                                                                                          0x02bcb99d
                                                                                                          0x02bcb9a0
                                                                                                          0x02bcb9ab
                                                                                                          0x02bcb9af
                                                                                                          0x02bcb9b4
                                                                                                          0x00000000
                                                                                                          0x02bcb8f5
                                                                                                          0x02bcb8fb
                                                                                                          0x02bcb95f
                                                                                                          0x02bcb966
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c2
                                                                                                          0x00000000
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8fd
                                                                                                          0x02bcb903
                                                                                                          0x02bcb947
                                                                                                          0x00000000
                                                                                                          0x02bcb905
                                                                                                          0x02bcb90b
                                                                                                          0x02bcbb65
                                                                                                          0x02bcbb6b
                                                                                                          0x02bcbb6d
                                                                                                          0x00000000
                                                                                                          0x02bcbb6d
                                                                                                          0x02bcb911
                                                                                                          0x02bcb924
                                                                                                          0x02bcb925
                                                                                                          0x02bcb92b
                                                                                                          0x02bcb930
                                                                                                          0x02bcb932
                                                                                                          0x02bcb937
                                                                                                          0x02bcb93d
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb8c6
                                                                                                          0x02bcb8cb
                                                                                                          0x02bcb8cb
                                                                                                          0x00000000
                                                                                                          0x02bcb8cb
                                                                                                          0x02bcb8c2
                                                                                                          0x02bcb937
                                                                                                          0x02bcb90b
                                                                                                          0x02bcb903
                                                                                                          0x02bcb8fb
                                                                                                          0x02bcb8f3
                                                                                                          0x02bcbb95
                                                                                                          0x02bcbb95
                                                                                                          0x00000000
                                                                                                          0x02bcbb95
                                                                                                          0x02bcba4f
                                                                                                          0x02bcbb3c
                                                                                                          0x02bcbb3d
                                                                                                          0x02bcbb43
                                                                                                          0x02bcbb48
                                                                                                          0x02bcbb4a
                                                                                                          0x02bcbb4f
                                                                                                          0x02bcbb5b
                                                                                                          0x00000000
                                                                                                          0x02bcbb51
                                                                                                          0x02bcbb51
                                                                                                          0x00000000
                                                                                                          0x02bcbb51
                                                                                                          0x02bcba55
                                                                                                          0x02bcba5b
                                                                                                          0x02bcbb17
                                                                                                          0x02bcbb1c
                                                                                                          0x00000000
                                                                                                          0x02bcba61
                                                                                                          0x02bcba67
                                                                                                          0x02bcbada
                                                                                                          0x02bcbadf
                                                                                                          0x02bcbae7
                                                                                                          0x00000000
                                                                                                          0x02bcba69
                                                                                                          0x02bcba6b
                                                                                                          0x02bcba9c
                                                                                                          0x02bcbac3
                                                                                                          0x02bcbacd
                                                                                                          0x02bcbad2
                                                                                                          0x02bcbb60
                                                                                                          0x02bcbb60
                                                                                                          0x02bcbb60
                                                                                                          0x00000000
                                                                                                          0x02bcba6b
                                                                                                          0x02bcba67
                                                                                                          0x02bcba5b
                                                                                                          0x00000000
                                                                                                          0x02bcba4f
                                                                                                          0x02bcb8cb
                                                                                                          0x02bcb8c6

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: s4$&-$+V$E!$[7$[D$bu${u$B
                                                                                                          • API String ID: 0-2389712741
                                                                                                          • Opcode ID: ef6ac798c9392941f1a0e429090c8fbff63c34f89c27df27b1f91d65bd96e706
                                                                                                          • Instruction ID: f30d54b8d07e1ee206f51f9e72d349f30c887d65abc5d4ad0243dd41876cb678
                                                                                                          • Opcode Fuzzy Hash: ef6ac798c9392941f1a0e429090c8fbff63c34f89c27df27b1f91d65bd96e706
                                                                                                          • Instruction Fuzzy Hash: E22204B250D3809FD368CF25C98AA5BBBE2FBC4708F10891DE5D996260D7B19949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBC6B8, Relevance: 11.7, Strings: 9, Instructions: 423COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BBC6B8() {
				char _v520;
				char _v1040;
				char _v1560;
				char _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				void* _t478;
				void* _t479;
				intOrPtr _t482;
				intOrPtr _t486;
				signed int _t494;
				intOrPtr* _t497;
				signed int _t501;
				intOrPtr _t502;
				intOrPtr* _t503;
				signed int _t504;
				signed int _t505;
				signed int _t506;
				signed int _t507;
				signed int _t508;
				signed int _t509;
				signed int _t510;
				signed int _t511;
				signed int _t512;
				void* _t513;
				void* _t522;
				void* _t562;
				signed int _t564;
				signed int* _t568;

				_t568 =  &_v1764;
				_v1588 = 0x57daab;
				_v1588 = _v1588 + 0x535a;
				_v1588 = _v1588 ^ 0x00582e2c;
				_v1756 = 0x11011b;
				_v1756 = _v1756 | 0x986fcb94;
				_v1756 = _v1756 + 0xffff0812;
				_v1756 = _v1756 | 0x2bc6aa33;
				_v1756 = _v1756 ^ 0x3bfefbb2;
				_v1652 = 0x5adeab;
				_v1652 = _v1652 + 0xffff93f0;
				_v1652 = _v1652 ^ 0xbf2e951e;
				_v1652 = _v1652 ^ 0xbf74e787;
				_v1668 = 0x1eca4f;
				_v1668 = _v1668 + 0x52c;
				_v1568 = 0;
				_v1668 = _v1668 * 0xb;
				_t562 = 0xbc1c7ad;
				_v1668 = _v1668 ^ 0x0152ea48;
				_v1584 = 0x89d737;
				_v1584 = _v1584 + 0xffff9374;
				_v1584 = _v1584 ^ 0x0082a8e0;
				_v1672 = 0x7da8ac;
				_v1672 = _v1672 >> 0xf;
				_v1672 = _v1672 | 0x438c492a;
				_v1672 = _v1672 ^ 0x438e7d89;
				_v1636 = 0xa2c3bd;
				_v1636 = _v1636 << 3;
				_v1636 = _v1636 ^ 0x051ae408;
				_v1720 = 0x328717;
				_v1720 = _v1720 << 0xc;
				_v1720 = _v1720 << 0xd;
				_v1720 = _v1720 + 0x9e9a;
				_v1720 = _v1720 ^ 0x2e0b4663;
				_v1760 = 0x4b7b55;
				_t57 =  &_v1760; // 0x4b7b55
				_t504 = 0x6f;
				_v1760 =  *_t57 / _t504;
				_v1760 = _v1760 >> 0xb;
				_t505 = 0x66;
				_t564 = 6;
				_push("true");
				_v1760 = _v1760 * 0x46;
				_v1760 = _v1760 ^ 0x00015e15;
				_v1740 = 0xf42b27;
				_v1740 = _v1740 / _t505;
				_pop(_t506);
				_v1740 = _v1740 * 0x3b;
				_v1740 = _v1740 / _t564;
				_v1740 = _v1740 ^ 0x00118050;
				_v1680 = 0x69fb04;
				_v1680 = _v1680 / _t506;
				_v1680 = _v1680 + 0x2a45;
				_v1680 = _v1680 ^ 0x000477f2;
				_v1624 = 0xeefab1;
				_v1624 = _v1624 << 0xb;
				_v1624 = _v1624 ^ 0x77d908fd;
				_v1688 = 0x983026;
				_v1688 = _v1688 ^ 0xf9038374;
				_v1688 = _v1688 << 1;
				_v1688 = _v1688 ^ 0xf3384871;
				_v1656 = 0xbd9fd7;
				_v1656 = _v1656 | 0x34570662;
				_v1656 = _v1656 << 0xf;
				_v1656 = _v1656 ^ 0xcff19553;
				_v1724 = 0xb73e9;
				_v1724 = _v1724 + 0xffff2aba;
				_t507 = 0x1b;
				_v1724 = _v1724 * 0x2b;
				_v1724 = _v1724 + 0xffffc5c3;
				_v1724 = _v1724 ^ 0x01cec31d;
				_v1732 = 0xfb07a0;
				_v1732 = _v1732 + 0xfffff0a2;
				_v1732 = _v1732 ^ 0xe8e4881c;
				_v1732 = _v1732 + 0xfffffa8c;
				_v1732 = _v1732 ^ 0xe819b6c9;
				_v1664 = 0x98c4f6;
				_v1664 = _v1664 / _t507;
				_v1664 = _v1664 + 0xffffc9a9;
				_v1664 = _v1664 ^ 0x000722b9;
				_v1704 = 0x7b43f4;
				_v1704 = _v1704 + 0x33bf;
				_v1704 = _v1704 ^ 0xbdcd0236;
				_v1704 = _v1704 ^ 0xbdbcc173;
				_v1600 = 0x907d1c;
				_v1600 = _v1600 >> 0xa;
				_v1600 = _v1600 ^ 0x000f3001;
				_v1608 = 0x549b29;
				_v1608 = _v1608 + 0xffff560f;
				_v1608 = _v1608 ^ 0x005a0ce7;
				_v1648 = 0x53669a;
				_t508 = 0x60;
				_v1648 = _v1648 * 0x53;
				_v1648 = _v1648 * 0x2d;
				_v1648 = _v1648 ^ 0xc0c27601;
				_v1616 = 0xf6b3f;
				_v1616 = _v1616 << 0xf;
				_v1616 = _v1616 ^ 0xb591763f;
				_v1712 = 0xd11a2f;
				_v1712 = _v1712 >> 3;
				_v1712 = _v1712 + 0x34a7;
				_v1712 = _v1712 + 0xffffa6d8;
				_v1712 = _v1712 ^ 0x001715b5;
				_v1744 = 0x782a81;
				_v1744 = _v1744 >> 5;
				_v1744 = _v1744 >> 3;
				_v1744 = _v1744 * 0x57;
				_v1744 = _v1744 ^ 0x00239f7e;
				_v1728 = 0xdf27c0;
				_v1728 = _v1728 + 0xb655;
				_v1728 = _v1728 >> 0xf;
				_v1728 = _v1728 | 0x1084c50a;
				_v1728 = _v1728 ^ 0x10890bcf;
				_v1612 = 0xd31e5c;
				_v1612 = _v1612 / _t508;
				_v1612 = _v1612 ^ 0x000f28c0;
				_v1640 = 0xad59ab;
				_v1640 = _v1640 ^ 0x540bc483;
				_v1640 = _v1640 ^ 0x54aa6eab;
				_v1596 = 0xfc600e;
				_v1596 = _v1596 << 1;
				_v1596 = _v1596 ^ 0x01f16920;
				_v1676 = 0x70f7b6;
				_v1676 = _v1676 >> 1;
				_v1676 = _v1676 | 0x834faa8e;
				_v1676 = _v1676 ^ 0x837cfefc;
				_v1580 = 0xc67f49;
				_v1580 = _v1580 ^ 0x220388f4;
				_v1580 = _v1580 ^ 0x22cc2a29;
				_v1604 = 0xf53a42;
				_v1604 = _v1604 + 0x1d20;
				_v1604 = _v1604 ^ 0x00fba671;
				_v1764 = 0x3c20a1;
				_v1764 = _v1764 << 0xa;
				_v1764 = _v1764 | 0xcc5879dc;
				_v1764 = _v1764 + 0x7d87;
				_v1764 = _v1764 ^ 0xfcd01767;
				_v1736 = 0xfcd131;
				_v1736 = _v1736 | 0xb098ccc9;
				_v1736 = _v1736 + 0x1f04;
				_v1736 = _v1736 | 0xe0e1c446;
				_v1736 = _v1736 ^ 0xf0fbfa39;
				_v1684 = 0x6ca78a;
				_v1684 = _v1684 >> 0xd;
				_t509 = 0x5d;
				_v1684 = _v1684 / _t509;
				_v1684 = _v1684 ^ 0x00062aae;
				_v1576 = 0x28ea20;
				_t510 = 0x2d;
				_v1576 = _v1576 / _t510;
				_v1576 = _v1576 ^ 0x000e137d;
				_v1632 = 0x34444a;
				_v1632 = _v1632 + 0xb7da;
				_v1632 = _v1632 ^ 0x00330b1f;
				_v1748 = 0x707d69;
				_v1748 = _v1748 << 0xb;
				_v1748 = _v1748 ^ 0xb1536161;
				_v1748 = _v1748 + 0xffff04ff;
				_v1748 = _v1748 ^ 0x32b99598;
				_v1696 = 0x3e2d26;
				_v1696 = _v1696 + 0x9f8b;
				_v1696 = _v1696 + 0xf840;
				_v1696 = _v1696 ^ 0x00305f5f;
				_v1700 = 0x43ad40;
				_t511 = 0x7e;
				_v1700 = _v1700 / _t511;
				_v1700 = _v1700 + 0x17b0;
				_v1700 = _v1700 ^ 0x000023e6;
				_v1628 = 0x615af9;
				_v1628 = _v1628 | 0xc5f525fd;
				_v1628 = _v1628 ^ 0xc5f01915;
				_v1752 = 0xf7a5b1;
				_v1752 = _v1752 | 0xfe49737c;
				_v1752 = _v1752 + 0x9fc0;
				_v1752 = _v1752 ^ 0x9fa1c746;
				_v1752 = _v1752 ^ 0x60a54bb7;
				_v1572 = 0x7bbdbf;
				_t512 = 0xe;
				_v1572 = _v1572 * 0x2d;
				_v1572 = _v1572 ^ 0x15c0521a;
				_v1620 = 0xd84802;
				_v1620 = _v1620 ^ 0x3749a239;
				_v1620 = _v1620 ^ 0x37909643;
				_v1644 = 0xebc394;
				_v1644 = _v1644 << 8;
				_v1644 = _v1644 ^ 0xebca8902;
				_v1692 = 0x3d115c;
				_v1692 = _v1692 ^ 0xaeae6a77;
				_v1692 = _v1692 >> 0x10;
				_v1692 = _v1692 ^ 0x000f7307;
				_v1660 = 0x8a3dcc;
				_v1660 = _v1660 ^ 0x1263d9af;
				_v1660 = _v1660 / _t512;
				_v1660 = _v1660 ^ 0x015f4699;
				_v1592 = 0x64d88c;
				_v1592 = _v1592 ^ 0xc97cb881;
				_v1592 = _v1592 ^ 0xc91c2e76;
				_v1708 = 0x9c1e71;
				_v1708 = _v1708 ^ 0xd16e05af;
				_v1708 = _v1708 | 0x50445732;
				_v1708 = _v1708 << 5;
				_v1708 = _v1708 ^ 0x3ec99884;
				_v1716 = 0xd3e518;
				_v1716 = _v1716 + 0xffff72ee;
				_t501 = _v1568;
				_v1716 = _v1716 / _t564;
				_v1716 = _v1716 << 0xa;
				_v1716 = _v1716 ^ 0x8cea7ffc;
				while(1) {
					L1:
					_t513 = 0x5c;
					while(1) {
						L2:
						_t478 = 0x5243326;
						do {
							L3:
							if(_t562 == 0x22d4857) {
								_push(_v1688);
								_push(_v1624);
								_push(_v1680);
								_t479 = E02BCE1F8(0x2bb1030, _v1740, __eflags);
								E02BB7078( &_v520, __eflags);
								_t482 =  *0x2bd6214; // 0x0
								_t486 =  *0x2bd6214; // 0x0
								__eflags = _t486 + 0x34;
								E02BBF96F(_v1656, _t486 + 0x34, _t486 + 0x34, _t479,  &_v520, _v1724,  &_v1560, _t482 + 0x23c, _v1732, _v1664, _v1704,  &_v1040);
								E02BCFECB(_t479, _v1600, _v1608, _v1648, _v1616);
								_t568 =  &(_t568[0x10]);
								_t562 = 0x6f5d8c5;
								goto L19;
							} else {
								if(_t562 == 0x3a11f46) {
									_push(_v1612);
									_push(_v1728);
									_push(_v1744);
									__eflags = E02BB2DEA(_v1640,  &_v1564, _v1596, 0x2bb10a0, _v1756, _v1676, 0x2bb10a0, 0x2bb10a0, _v1580, _v1604, 0x2bb10a0, 0x2bb10a0, _v1652, _v1764, _v1736, _v1684, _v1576, E02BCE1F8(0x2bb10a0, _v1712, __eflags));
									_t562 =  ==  ? 0x5243326 : 0xbc3e7f;
									E02BCFECB(_t490, _v1632, _v1748, _v1696, _v1700);
									_t568 =  &(_t568[0x16]);
									L19:
									_t478 = 0x5243326;
									_t513 = 0x5c;
									goto L20;
								} else {
									if(_t562 == _t478) {
										_t494 = E02BC00C5( &_v1560, _v1628, _v1752);
										_pop(_t522);
										_t497 = E02BC2CD9(_v1572, _t501,  &_v1560, _t522, _v1564, _v1668, _v1620, 2 + _t494 * 2, _v1644, _v1692, _v1660);
										_t568 =  &(_t568[9]);
										__eflags = _t497;
										_t562 = 0xcd5a5d6;
										_v1568 = 0 | __eflags == 0x00000000;
										goto L1;
									} else {
										if(_t562 == 0x6f5d8c5) {
											_t502 =  *0x2bd6214; // 0x0
											_t503 = _t502 + 0x23c;
											while(1) {
												__eflags =  *_t503 - _t513;
												if(__eflags == 0) {
													break;
												}
												_t503 = _t503 + 2;
												__eflags = _t503;
											}
											_t501 = _t503 + 2;
											_t562 = 0x3a11f46;
											goto L2;
										} else {
											if(_t562 == 0xbc1c7ad) {
												E02BB1A34(_v1584,  &_v1040, _t513, _t513, _v1672, _v1636, _v1720, _t513, _v1588, _v1760);
												_t568 =  &(_t568[8]);
												_t562 = 0x22d4857;
												while(1) {
													L1:
													_t513 = 0x5c;
													L2:
													_t478 = 0x5243326;
													goto L3;
												}
											} else {
												if(_t562 != 0xcd5a5d6) {
													goto L20;
												} else {
													E02BB53D0(_v1592, _v1708, _v1716, _v1564);
												}
											}
										}
									}
								}
							}
							L10:
							return _v1568;
							L20:
							__eflags = _t562 - 0xbc3e7f;
						} while (__eflags != 0);
						goto L10;
					}
				}
			}
















































































                                                                                                          0x02bbc6b8
                                                                                                          0x02bbc6be
                                                                                                          0x02bbc6cb
                                                                                                          0x02bbc6d8
                                                                                                          0x02bbc6e3
                                                                                                          0x02bbc6eb
                                                                                                          0x02bbc6f3
                                                                                                          0x02bbc6fb
                                                                                                          0x02bbc703
                                                                                                          0x02bbc70b
                                                                                                          0x02bbc713
                                                                                                          0x02bbc71b
                                                                                                          0x02bbc723
                                                                                                          0x02bbc72b
                                                                                                          0x02bbc733
                                                                                                          0x02bbc73b
                                                                                                          0x02bbc74b
                                                                                                          0x02bbc74f
                                                                                                          0x02bbc754
                                                                                                          0x02bbc75c
                                                                                                          0x02bbc767
                                                                                                          0x02bbc772
                                                                                                          0x02bbc77d
                                                                                                          0x02bbc785
                                                                                                          0x02bbc78a
                                                                                                          0x02bbc792
                                                                                                          0x02bbc79a
                                                                                                          0x02bbc7a5
                                                                                                          0x02bbc7ad
                                                                                                          0x02bbc7b8
                                                                                                          0x02bbc7c0
                                                                                                          0x02bbc7c5
                                                                                                          0x02bbc7ca
                                                                                                          0x02bbc7d2
                                                                                                          0x02bbc7da
                                                                                                          0x02bbc7e2
                                                                                                          0x02bbc7e8
                                                                                                          0x02bbc7ed
                                                                                                          0x02bbc7f3
                                                                                                          0x02bbc7fd
                                                                                                          0x02bbc800
                                                                                                          0x02bbc801
                                                                                                          0x02bbc803
                                                                                                          0x02bbc807
                                                                                                          0x02bbc80f
                                                                                                          0x02bbc81f
                                                                                                          0x02bbc828
                                                                                                          0x02bbc829
                                                                                                          0x02bbc835
                                                                                                          0x02bbc839
                                                                                                          0x02bbc841
                                                                                                          0x02bbc84f
                                                                                                          0x02bbc853
                                                                                                          0x02bbc85b
                                                                                                          0x02bbc863
                                                                                                          0x02bbc86e
                                                                                                          0x02bbc876
                                                                                                          0x02bbc881
                                                                                                          0x02bbc889
                                                                                                          0x02bbc891
                                                                                                          0x02bbc895
                                                                                                          0x02bbc89f
                                                                                                          0x02bbc8a7
                                                                                                          0x02bbc8af
                                                                                                          0x02bbc8b4
                                                                                                          0x02bbc8bc
                                                                                                          0x02bbc8c4
                                                                                                          0x02bbc8d3
                                                                                                          0x02bbc8d6
                                                                                                          0x02bbc8da
                                                                                                          0x02bbc8e2
                                                                                                          0x02bbc8ea
                                                                                                          0x02bbc8f2
                                                                                                          0x02bbc8fa
                                                                                                          0x02bbc902
                                                                                                          0x02bbc90a
                                                                                                          0x02bbc912
                                                                                                          0x02bbc922
                                                                                                          0x02bbc926
                                                                                                          0x02bbc92e
                                                                                                          0x02bbc936
                                                                                                          0x02bbc93e
                                                                                                          0x02bbc946
                                                                                                          0x02bbc94e
                                                                                                          0x02bbc956
                                                                                                          0x02bbc961
                                                                                                          0x02bbc969
                                                                                                          0x02bbc974
                                                                                                          0x02bbc97f
                                                                                                          0x02bbc98a
                                                                                                          0x02bbc995
                                                                                                          0x02bbc9a8
                                                                                                          0x02bbc9a9
                                                                                                          0x02bbc9b8
                                                                                                          0x02bbc9bf
                                                                                                          0x02bbc9ca
                                                                                                          0x02bbc9d5
                                                                                                          0x02bbc9dd
                                                                                                          0x02bbc9e8
                                                                                                          0x02bbc9f0
                                                                                                          0x02bbc9f5
                                                                                                          0x02bbc9fd
                                                                                                          0x02bbca05
                                                                                                          0x02bbca0d
                                                                                                          0x02bbca15
                                                                                                          0x02bbca1a
                                                                                                          0x02bbca24
                                                                                                          0x02bbca28
                                                                                                          0x02bbca30
                                                                                                          0x02bbca38
                                                                                                          0x02bbca40
                                                                                                          0x02bbca45
                                                                                                          0x02bbca4d
                                                                                                          0x02bbca55
                                                                                                          0x02bbca69
                                                                                                          0x02bbca70
                                                                                                          0x02bbca7b
                                                                                                          0x02bbca86
                                                                                                          0x02bbca91
                                                                                                          0x02bbca9c
                                                                                                          0x02bbcaa7
                                                                                                          0x02bbcaae
                                                                                                          0x02bbcab9
                                                                                                          0x02bbcac1
                                                                                                          0x02bbcac5
                                                                                                          0x02bbcacd
                                                                                                          0x02bbcad5
                                                                                                          0x02bbcae0
                                                                                                          0x02bbcaeb
                                                                                                          0x02bbcaf6
                                                                                                          0x02bbcb03
                                                                                                          0x02bbcb0e
                                                                                                          0x02bbcb19
                                                                                                          0x02bbcb21
                                                                                                          0x02bbcb26
                                                                                                          0x02bbcb2e
                                                                                                          0x02bbcb36
                                                                                                          0x02bbcb3e
                                                                                                          0x02bbcb46
                                                                                                          0x02bbcb4e
                                                                                                          0x02bbcb56
                                                                                                          0x02bbcb5e
                                                                                                          0x02bbcb66
                                                                                                          0x02bbcb6e
                                                                                                          0x02bbcb79
                                                                                                          0x02bbcb7e
                                                                                                          0x02bbcb84
                                                                                                          0x02bbcb8c
                                                                                                          0x02bbcb9e
                                                                                                          0x02bbcba3
                                                                                                          0x02bbcbac
                                                                                                          0x02bbcbb7
                                                                                                          0x02bbcbc2
                                                                                                          0x02bbcbcd
                                                                                                          0x02bbcbd8
                                                                                                          0x02bbcbe0
                                                                                                          0x02bbcbe5
                                                                                                          0x02bbcbed
                                                                                                          0x02bbcbf5
                                                                                                          0x02bbcbfd
                                                                                                          0x02bbcc05
                                                                                                          0x02bbcc0d
                                                                                                          0x02bbcc15
                                                                                                          0x02bbcc1d
                                                                                                          0x02bbcc29
                                                                                                          0x02bbcc2e
                                                                                                          0x02bbcc34
                                                                                                          0x02bbcc3c
                                                                                                          0x02bbcc44
                                                                                                          0x02bbcc4f
                                                                                                          0x02bbcc5a
                                                                                                          0x02bbcc65
                                                                                                          0x02bbcc6d
                                                                                                          0x02bbcc75
                                                                                                          0x02bbcc7d
                                                                                                          0x02bbcc85
                                                                                                          0x02bbcc8d
                                                                                                          0x02bbcca0
                                                                                                          0x02bbcca1
                                                                                                          0x02bbcca8
                                                                                                          0x02bbccb3
                                                                                                          0x02bbccbe
                                                                                                          0x02bbccc9
                                                                                                          0x02bbccd4
                                                                                                          0x02bbccdf
                                                                                                          0x02bbcce7
                                                                                                          0x02bbccf2
                                                                                                          0x02bbccfa
                                                                                                          0x02bbcd02
                                                                                                          0x02bbcd07
                                                                                                          0x02bbcd0f
                                                                                                          0x02bbcd17
                                                                                                          0x02bbcd25
                                                                                                          0x02bbcd29
                                                                                                          0x02bbcd33
                                                                                                          0x02bbcd43
                                                                                                          0x02bbcd4e
                                                                                                          0x02bbcd59
                                                                                                          0x02bbcd61
                                                                                                          0x02bbcd69
                                                                                                          0x02bbcd71
                                                                                                          0x02bbcd76
                                                                                                          0x02bbcd7e
                                                                                                          0x02bbcd86
                                                                                                          0x02bbcd94
                                                                                                          0x02bbcd9b
                                                                                                          0x02bbcd9f
                                                                                                          0x02bbcda4
                                                                                                          0x02bbcdac
                                                                                                          0x02bbcdac
                                                                                                          0x02bbcdae
                                                                                                          0x02bbcdaf
                                                                                                          0x02bbcdaf
                                                                                                          0x02bbcdaf
                                                                                                          0x02bbcdb4
                                                                                                          0x02bbcdb4
                                                                                                          0x02bbcdba
                                                                                                          0x02bbcfa1
                                                                                                          0x02bbcfaa
                                                                                                          0x02bbcfb1
                                                                                                          0x02bbcfb9
                                                                                                          0x02bbcfc7
                                                                                                          0x02bbcfe8
                                                                                                          0x02bbd00e
                                                                                                          0x02bbd013
                                                                                                          0x02bbd018
                                                                                                          0x02bbd03b
                                                                                                          0x02bbd040
                                                                                                          0x02bbd043
                                                                                                          0x00000000
                                                                                                          0x02bbcdc0
                                                                                                          0x02bbcdc2
                                                                                                          0x02bbcef5
                                                                                                          0x02bbcf01
                                                                                                          0x02bbcf05
                                                                                                          0x02bbcf71
                                                                                                          0x02bbcf91
                                                                                                          0x02bbcf94
                                                                                                          0x02bbcf99
                                                                                                          0x02bbd048
                                                                                                          0x02bbd04a
                                                                                                          0x02bbd04f
                                                                                                          0x00000000
                                                                                                          0x02bbcdc8
                                                                                                          0x02bbcdca
                                                                                                          0x02bbce91
                                                                                                          0x02bbce96
                                                                                                          0x02bbced5
                                                                                                          0x02bbcedc
                                                                                                          0x02bbcedf
                                                                                                          0x02bbcee1
                                                                                                          0x02bbcee9
                                                                                                          0x00000000
                                                                                                          0x02bbcdd0
                                                                                                          0x02bbcdd6
                                                                                                          0x02bbce5f
                                                                                                          0x02bbce65
                                                                                                          0x02bbce70
                                                                                                          0x02bbce70
                                                                                                          0x02bbce73
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bbce6d
                                                                                                          0x02bbce6d
                                                                                                          0x02bbce6d
                                                                                                          0x02bbce75
                                                                                                          0x02bbce78
                                                                                                          0x00000000
                                                                                                          0x02bbcddc
                                                                                                          0x02bbcde2
                                                                                                          0x02bbce4d
                                                                                                          0x02bbce52
                                                                                                          0x02bbce55
                                                                                                          0x02bbcdac
                                                                                                          0x02bbcdac
                                                                                                          0x02bbcdae
                                                                                                          0x02bbcdaf
                                                                                                          0x02bbcdaf
                                                                                                          0x00000000
                                                                                                          0x02bbcdaf
                                                                                                          0x02bbcde4
                                                                                                          0x02bbcdea
                                                                                                          0x00000000
                                                                                                          0x02bbcdf0
                                                                                                          0x02bbce06
                                                                                                          0x02bbce0c
                                                                                                          0x02bbcdea
                                                                                                          0x02bbcde2
                                                                                                          0x02bbcdd6
                                                                                                          0x02bbcdca
                                                                                                          0x02bbcdc2
                                                                                                          0x02bbce0d
                                                                                                          0x02bbce1e
                                                                                                          0x02bbd050
                                                                                                          0x02bbd050
                                                                                                          0x02bbd050
                                                                                                          0x00000000
                                                                                                          0x02bbd05c
                                                                                                          0x02bbcdaf

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ($,.X$2WDP$E*$JD4$U{K$__0$i}p$#
                                                                                                          • API String ID: 0-2449995950
                                                                                                          • Opcode ID: 99f3c820a2ce1cec232c0180d324fb30286765f5d38a28c087288cda0e261d67
                                                                                                          • Instruction ID: a59c94ceb1173bcd19e548cde766884640567fd90738e9def6d62b4a63cfb39f
                                                                                                          • Opcode Fuzzy Hash: 99f3c820a2ce1cec232c0180d324fb30286765f5d38a28c087288cda0e261d67
                                                                                                          • Instruction Fuzzy Hash: B822207150C3809FD3A9CF64D58AA9BBBE2FBC4358F10891DE19986260D7B58949CF03
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCE955, Relevance: 11.6, Strings: 9, Instructions: 300COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02BCE955() {
				char _v524;
				signed int _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				char _v564;
				intOrPtr _v568;
				char _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				signed int _v676;
				signed int _v680;
				signed int _v684;
				signed int _v688;
				signed int _v692;
				signed int _v696;
				signed int _v700;
				signed int _v704;
				unsigned int _v708;
				signed int _t316;
				void* _t319;
				intOrPtr _t320;
				intOrPtr _t323;
				intOrPtr _t328;
				void* _t331;
				void* _t334;
				void* _t335;
				char _t342;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				unsigned int* _t372;

				_t372 =  &_v708;
				_v576 = 0xda0c08;
				_v576 = _v576 + 0xffff47d7;
				_t335 = 0x67615db;
				_v576 = _v576 ^ 0x00d953de;
				_v616 = 0x1aa62a;
				_v616 = _v616 ^ 0x887273cb;
				_v616 = _v616 ^ 0x8868d4e1;
				_v696 = 0x6cc5ff;
				_v696 = _v696 + 0xffff0f33;
				_v696 = _v696 + 0xffffebff;
				_v696 = _v696 + 0xffff9323;
				_v696 = _v696 ^ 0x006b5457;
				_v620 = 0xd441f6;
				_v620 = _v620 >> 2;
				_v620 = _v620 ^ 0x0035107d;
				_v668 = 0xe6e8c4;
				_v668 = _v668 + 0xffff0cc3;
				_v668 = _v668 | 0x11364c4e;
				_v668 = _v668 ^ 0x11fae4e7;
				_v664 = 0xedeede;
				_v664 = _v664 + 0x8dc4;
				_v664 = _v664 >> 0xb;
				_v664 = _v664 ^ 0x00096569;
				_v644 = 0x7bf23b;
				_v644 = _v644 + 0x7679;
				_v644 = _v644 << 2;
				_v644 = _v644 ^ 0x01f0e7c7;
				_v588 = 0xd55e4f;
				_v588 = _v588 >> 8;
				_v588 = _v588 ^ 0x000a9525;
				_v648 = 0x4b711e;
				_v648 = _v648 + 0xffff1f62;
				_v648 = _v648 ^ 0xa93f12d6;
				_v648 = _v648 ^ 0xa9763896;
				_v584 = 0xdb5f0a;
				_v584 = _v584 * 0x19;
				_t334 = 0;
				_v584 = _v584 ^ 0x156e4d85;
				_v608 = 0x3263c9;
				_v608 = _v608 + 0xe60;
				_v608 = _v608 ^ 0x0036f835;
				_v640 = 0x3b5ffd;
				_t365 = 0x46;
				_v640 = _v640 * 5;
				_v640 = _v640 / _t365;
				_v640 = _v640 ^ 0x000ce458;
				_v708 = 0xb95ed6;
				_t366 = 0x5a;
				_v708 = _v708 / _t366;
				_v708 = _v708 ^ 0x64dff63e;
				_v708 = _v708 >> 0x10;
				_v708 = _v708 ^ 0x000970e9;
				_v672 = 0xda5c0b;
				_v672 = _v672 >> 5;
				_v672 = _v672 * 0x6e;
				_v672 = _v672 ^ 0x02ed68c8;
				_v600 = 0xb0c206;
				_v600 = _v600 + 0x21e9;
				_v600 = _v600 ^ 0x00b07205;
				_v684 = 0x1b8021;
				_v684 = _v684 << 2;
				_v684 = _v684 >> 0xb;
				_v684 = _v684 << 8;
				_v684 = _v684 ^ 0x0007a69d;
				_v700 = 0x716346;
				_v700 = _v700 >> 0xe;
				_v700 = _v700 << 9;
				_v700 = _v700 | 0x54417142;
				_v700 = _v700 ^ 0x544d1ccb;
				_v704 = 0x83733f;
				_v704 = _v704 << 0xe;
				_v704 = _v704 << 1;
				_t367 = 0xf;
				_v704 = _v704 / _t367;
				_v704 = _v704 ^ 0x0c51ca4a;
				_v676 = 0x255e7;
				_v676 = _v676 ^ 0x45c0186f;
				_v676 = _v676 ^ 0x0e243a79;
				_v676 = _v676 ^ 0x4be8c079;
				_v652 = 0xc8a42f;
				_t368 = 0x3b;
				_v652 = _v652 * 0x1e;
				_v652 = _v652 + 0xffffdb98;
				_v652 = _v652 ^ 0x178e8932;
				_v660 = 0x399dd9;
				_v660 = _v660 << 0x10;
				_v660 = _v660 << 1;
				_v660 = _v660 ^ 0x3bb87d79;
				_v596 = 0x4a6152;
				_v596 = _v596 + 0xeb3a;
				_v596 = _v596 ^ 0x00451e15;
				_v604 = 0x1a296a;
				_v604 = _v604 >> 3;
				_v604 = _v604 ^ 0x000806f7;
				_v628 = 0x8a6a9a;
				_v628 = _v628 << 0xc;
				_v628 = _v628 / _t368;
				_v628 = _v628 ^ 0x02ddb0c3;
				_v612 = 0x56dff1;
				_v612 = _v612 << 4;
				_v612 = _v612 ^ 0x056559b2;
				_v592 = 0xb835f;
				_v592 = _v592 ^ 0x56373199;
				_v592 = _v592 ^ 0x563f1b5a;
				_v636 = 0x2555d1;
				_v636 = _v636 + 0xffff7c76;
				_v636 = _v636 | 0x931e680c;
				_v636 = _v636 ^ 0x933edc2a;
				_v688 = 0x729e7a;
				_v688 = _v688 + 0x52a9;
				_v688 = _v688 << 6;
				_v688 = _v688 ^ 0x08219d26;
				_v688 = _v688 ^ 0x149a839d;
				_v656 = 0xbb5b70;
				_v656 = _v656 + 0x6c7b;
				_v656 = _v656 | 0x24d7418a;
				_v656 = _v656 ^ 0x24f0c3f7;
				_v692 = 0xac0342;
				_v692 = _v692 + 0x6c81;
				_v692 = _v692 >> 0xd;
				_v692 = _v692 + 0xbde1;
				_v692 = _v692 ^ 0x00055202;
				_v632 = 0x18da0d;
				_t369 = 0x57;
				_v632 = _v632 * 0x5d;
				_v632 = _v632 + 0xffff6f25;
				_v632 = _v632 ^ 0x090e1c26;
				_v580 = 0xa5e89c;
				_v580 = _v580 / _t369;
				_v580 = _v580 ^ 0x000ce540;
				_v680 = 0x842c1c;
				_v680 = _v680 << 5;
				_v680 = _v680 ^ 0x259e7cb4;
				_v680 = _v680 + 0xffff46bd;
				_v680 = _v680 ^ 0x3515c03d;
				_v624 = 0x501187;
				_v624 = _v624 ^ 0x46ba0327;
				_v624 = _v624 ^ 0x46eeb458;
				_t364 = _v624;
				do {
					while(_t335 != 0x2d5e71a) {
						if(_t335 == 0x67615db) {
							_t335 = 0xf75ce9f;
							continue;
						} else {
							if(_t335 == 0x7a053ff) {
								E02BD1538(_v680, _v624, _t364);
							} else {
								if(_t335 == 0x7a51f41) {
									_push(_v640);
									_push(_v608);
									_push(_v584);
									_t319 = E02BCE1F8(0x2bb1000, _v648, __eflags);
									_t320 =  *0x2bd6214; // 0x0
									_t323 =  *0x2bd6214; // 0x0
									E02BD2D0A(_v672, __eflags, _t323 + 0x23c, _v600, _v684, _v700, 0x2bb1000,  &_v524, _t320 + 0x34, _t319);
									E02BCFECB(_t319, _v704, _v676, _v652, _v660);
									_t372 =  &(_t372[0xe]);
									_t335 = 0x2d5e71a;
									continue;
								} else {
									if(_t335 == 0xa48fbff) {
										_v572 = _v572 - E02BB5477(_t335);
										_t335 = 0x7a51f41;
										asm("sbb [esp+0x9c], edx");
										continue;
									} else {
										if(_t335 == 0xd7f7f02) {
											_t328 = _v568;
											_t342 = _v572;
											_v560 = _t328;
											_v552 = _t328;
											_v544 = _t328;
											_v536 = _t328;
											_v532 = _v620;
											_v564 = _t342;
											_v556 = _t342;
											_v548 = _t342;
											_v540 = _t342;
											_t331 = E02BD44FF(_v656, _v692, _t342, _v632, _t342, _v580,  &_v564, _t364);
											_t372 =  &(_t372[6]);
											__eflags = _t331;
											_t334 =  !=  ? 1 : _t334;
											_t335 = 0x7a053ff;
											continue;
										} else {
											if(_t335 != 0xf75ce9f) {
												goto L16;
											} else {
												E02BCCA1F(_v668, _v664,  &_v572, _v644, _v588);
												_t372 =  &(_t372[3]);
												_t335 = 0xa48fbff;
												continue;
											}
										}
									}
								}
							}
						}
						L19:
						return _t334;
					}
					_t316 = E02BD45CA( &_v524, _v596, _t335, _t335, _v604, _v628, _v612, _v616, _v592, _v636, 0, _v688, _v696, _v576);
					_t364 = _t316;
					_t372 =  &(_t372[0xc]);
					__eflags = _t316 - 0xffffffff;
					if(__eflags == 0) {
						_t335 = 0xc46350e;
						goto L16;
					} else {
						_t335 = 0xd7f7f02;
						continue;
					}
					goto L19;
					L16:
					__eflags = _t335 - 0xc46350e;
				} while (__eflags != 0);
				goto L19;
			}
































































                                                                                                          0x02bce955
                                                                                                          0x02bce95f
                                                                                                          0x02bce96c
                                                                                                          0x02bce977
                                                                                                          0x02bce97c
                                                                                                          0x02bce987
                                                                                                          0x02bce98f
                                                                                                          0x02bce997
                                                                                                          0x02bce99f
                                                                                                          0x02bce9a7
                                                                                                          0x02bce9af
                                                                                                          0x02bce9b7
                                                                                                          0x02bce9bf
                                                                                                          0x02bce9c7
                                                                                                          0x02bce9cf
                                                                                                          0x02bce9d4
                                                                                                          0x02bce9dc
                                                                                                          0x02bce9e4
                                                                                                          0x02bce9ec
                                                                                                          0x02bce9f4
                                                                                                          0x02bce9fc
                                                                                                          0x02bcea04
                                                                                                          0x02bcea0c
                                                                                                          0x02bcea11
                                                                                                          0x02bcea19
                                                                                                          0x02bcea21
                                                                                                          0x02bcea29
                                                                                                          0x02bcea2e
                                                                                                          0x02bcea36
                                                                                                          0x02bcea41
                                                                                                          0x02bcea49
                                                                                                          0x02bcea54
                                                                                                          0x02bcea5c
                                                                                                          0x02bcea64
                                                                                                          0x02bcea6c
                                                                                                          0x02bcea74
                                                                                                          0x02bcea87
                                                                                                          0x02bcea8e
                                                                                                          0x02bcea90
                                                                                                          0x02bcea9b
                                                                                                          0x02bceaa3
                                                                                                          0x02bceaab
                                                                                                          0x02bceab3
                                                                                                          0x02bceac2
                                                                                                          0x02bceac5
                                                                                                          0x02bcead1
                                                                                                          0x02bcead5
                                                                                                          0x02bceadd
                                                                                                          0x02bceae9
                                                                                                          0x02bceaec
                                                                                                          0x02bceaf0
                                                                                                          0x02bceaf8
                                                                                                          0x02bceafd
                                                                                                          0x02bceb05
                                                                                                          0x02bceb0d
                                                                                                          0x02bceb17
                                                                                                          0x02bceb1b
                                                                                                          0x02bceb23
                                                                                                          0x02bceb2b
                                                                                                          0x02bceb33
                                                                                                          0x02bceb3b
                                                                                                          0x02bceb43
                                                                                                          0x02bceb48
                                                                                                          0x02bceb4d
                                                                                                          0x02bceb52
                                                                                                          0x02bceb5a
                                                                                                          0x02bceb62
                                                                                                          0x02bceb67
                                                                                                          0x02bceb6e
                                                                                                          0x02bceb76
                                                                                                          0x02bceb7e
                                                                                                          0x02bceb86
                                                                                                          0x02bceb8b
                                                                                                          0x02bceb95
                                                                                                          0x02bceb9a
                                                                                                          0x02bceba0
                                                                                                          0x02bceba8
                                                                                                          0x02bcebb0
                                                                                                          0x02bcebb8
                                                                                                          0x02bcebc0
                                                                                                          0x02bcebc8
                                                                                                          0x02bcebd5
                                                                                                          0x02bcebd8
                                                                                                          0x02bcebdc
                                                                                                          0x02bcebe4
                                                                                                          0x02bcebec
                                                                                                          0x02bcebf4
                                                                                                          0x02bcebf9
                                                                                                          0x02bcebfd
                                                                                                          0x02bcec05
                                                                                                          0x02bcec10
                                                                                                          0x02bcec1b
                                                                                                          0x02bcec26
                                                                                                          0x02bcec2e
                                                                                                          0x02bcec33
                                                                                                          0x02bcec3b
                                                                                                          0x02bcec43
                                                                                                          0x02bcec50
                                                                                                          0x02bcec54
                                                                                                          0x02bcec5c
                                                                                                          0x02bcec64
                                                                                                          0x02bcec69
                                                                                                          0x02bcec71
                                                                                                          0x02bcec7c
                                                                                                          0x02bcec87
                                                                                                          0x02bcec92
                                                                                                          0x02bcec9a
                                                                                                          0x02bceca2
                                                                                                          0x02bcecaa
                                                                                                          0x02bcecb2
                                                                                                          0x02bcecba
                                                                                                          0x02bcecc2
                                                                                                          0x02bcecc7
                                                                                                          0x02bceccf
                                                                                                          0x02bcecd7
                                                                                                          0x02bcecdf
                                                                                                          0x02bcece7
                                                                                                          0x02bcecef
                                                                                                          0x02bcecf7
                                                                                                          0x02bcecff
                                                                                                          0x02bced07
                                                                                                          0x02bced0c
                                                                                                          0x02bced14
                                                                                                          0x02bced1c
                                                                                                          0x02bced29
                                                                                                          0x02bced2a
                                                                                                          0x02bced2e
                                                                                                          0x02bced36
                                                                                                          0x02bced3e
                                                                                                          0x02bced52
                                                                                                          0x02bced59
                                                                                                          0x02bced64
                                                                                                          0x02bced6c
                                                                                                          0x02bced71
                                                                                                          0x02bced79
                                                                                                          0x02bced86
                                                                                                          0x02bced8e
                                                                                                          0x02bced96
                                                                                                          0x02bced9e
                                                                                                          0x02bceda6
                                                                                                          0x02bcedaa
                                                                                                          0x02bcedaa
                                                                                                          0x02bcedbc
                                                                                                          0x02bcef46
                                                                                                          0x00000000
                                                                                                          0x02bcedc2
                                                                                                          0x02bcedc8
                                                                                                          0x02bcefca
                                                                                                          0x02bcedce
                                                                                                          0x02bcedd4
                                                                                                          0x02bceec6
                                                                                                          0x02bceecf
                                                                                                          0x02bceed3
                                                                                                          0x02bceede
                                                                                                          0x02bceee8
                                                                                                          0x02bcef0a
                                                                                                          0x02bcef1d
                                                                                                          0x02bcef34
                                                                                                          0x02bcef39
                                                                                                          0x02bcef3c
                                                                                                          0x00000000
                                                                                                          0x02bcedda
                                                                                                          0x02bcede0
                                                                                                          0x02bceeae
                                                                                                          0x02bceeb5
                                                                                                          0x02bceeba
                                                                                                          0x00000000
                                                                                                          0x02bcede6
                                                                                                          0x02bcede8
                                                                                                          0x02bcee20
                                                                                                          0x02bcee27
                                                                                                          0x02bcee2e
                                                                                                          0x02bcee35
                                                                                                          0x02bcee3c
                                                                                                          0x02bcee43
                                                                                                          0x02bcee4f
                                                                                                          0x02bcee65
                                                                                                          0x02bcee75
                                                                                                          0x02bcee7c
                                                                                                          0x02bcee83
                                                                                                          0x02bcee8f
                                                                                                          0x02bcee96
                                                                                                          0x02bcee9a
                                                                                                          0x02bcee9c
                                                                                                          0x02bcee9f
                                                                                                          0x00000000
                                                                                                          0x02bcedea
                                                                                                          0x02bcedf0
                                                                                                          0x00000000
                                                                                                          0x02bcedf6
                                                                                                          0x02bcee11
                                                                                                          0x02bcee16
                                                                                                          0x02bcee19
                                                                                                          0x00000000
                                                                                                          0x02bcee19
                                                                                                          0x02bcedf0
                                                                                                          0x02bcede8
                                                                                                          0x02bcede0
                                                                                                          0x02bcedd4
                                                                                                          0x02bcedc8
                                                                                                          0x02bcefd3
                                                                                                          0x02bcefdc
                                                                                                          0x02bcefdc
                                                                                                          0x02bcef98
                                                                                                          0x02bcef9d
                                                                                                          0x02bcef9f
                                                                                                          0x02bcefa2
                                                                                                          0x02bcefa5
                                                                                                          0x02bcefae
                                                                                                          0x00000000
                                                                                                          0x02bcefa7
                                                                                                          0x02bcefa7
                                                                                                          0x00000000
                                                                                                          0x02bcefa7
                                                                                                          0x00000000
                                                                                                          0x02bcefb3
                                                                                                          0x02bcefb3
                                                                                                          0x02bcefb3
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :$BqAT$RaJ$WTk$ie$yv${l$!$p
                                                                                                          • API String ID: 0-4263964199
                                                                                                          • Opcode ID: 814f5aaf0a933e101bf72547da7fd16c23922c19d3e2c4b721c90c5e9efd8271
                                                                                                          • Instruction ID: c89d935aed8683f4379092626a118f0a079a65edbecdfdbcac4332d31151547c
                                                                                                          • Opcode Fuzzy Hash: 814f5aaf0a933e101bf72547da7fd16c23922c19d3e2c4b721c90c5e9efd8271
                                                                                                          • Instruction Fuzzy Hash: FCF13EB1509380CFD3A8CF65C549A5BFBE1FBC4758F60891DE2AA86260D7B18949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD36AA, Relevance: 10.4, Strings: 8, Instructions: 359COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02BD36AA() {
				signed int _t373;
				signed int _t378;
				signed int _t379;
				signed int _t382;
				intOrPtr _t383;
				signed int _t385;
				signed int _t387;
				void* _t392;
				signed int _t435;
				signed int _t438;
				signed int _t439;
				signed int _t440;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t449;
				signed int* _t453;

				 *_t453 = 0x507140;
				_t392 = 0xe12044f;
				_t453[4] =  *_t453 * 0x71;
				_t438 = 0x6b;
				_t453[5] = _t453[4] / _t438;
				_t453[5] = _t453[5] >> 9;
				_t453[5] = _t453[5] ^ 0x00002a7b;
				_t453[9] = 0x87b94d;
				_t453[9] = _t453[9] + 0xffff92a0;
				_t453[9] = _t453[9] + 0x79ac;
				_t453[9] = _t453[9] >> 3;
				_t453[9] = _t453[9] ^ 0x0010f8b2;
				_t453[0x18] = 0x43735f;
				_t453[0x18] = _t453[0x18] << 0xa;
				_t453[0x18] = _t453[0x18] + 0xffff408e;
				_t453[0x18] = _t453[0x18] ^ 0x0dccbc8d;
				_t453[0x19] = 0x2e99ff;
				_t439 = 0x48;
				_push("true");
				_t453[0x19] = _t453[0x19] / _t439;
				_t453[0x19] = _t453[0x19] | 0xc1c83132;
				_t453[0x19] = _t453[0x19] ^ 0xc1c60879;
				_t453[0xc] = 0xdcf188;
				_pop(_t440);
				_t453[0x2b] = _t453[0x2b] & 0x00000000;
				_t453[0xc] = _t453[0xc] * 0x48;
				_t453[0xc] = _t453[0xc] + 0xb8d0;
				_t453[0xc] = _t453[0xc] + 0xe79e;
				_t453[0xc] = _t453[0xc] ^ 0x3e220605;
				_t453[0x1f] = 0x3f10b8;
				_t453[0x1f] = _t453[0x1f] | 0x536a71f8;
				_t453[0x1f] = _t453[0x1f] ^ 0x537d907f;
				_t453[0x17] = 0xda4ece;
				_t453[0x17] = _t453[0x17] / _t440;
				_t453[0x17] = _t453[0x17] + 0xffff6c3f;
				_t453[0x17] = _t453[0x17] ^ 0x000916d6;
				_t453[0x21] = 0x81e16;
				_t441 = 0x1f;
				_t453[0x20] = _t453[0x21] * 0x37;
				_t453[0x20] = _t453[0x20] ^ 0x01bbd9e8;
				_t453[0x12] = 0x23ff7a;
				_t453[0x12] = _t453[0x12] + 0xda88;
				_t453[0x12] = _t453[0x12] << 9;
				_t453[0x12] = _t453[0x12] ^ 0x49b967a0;
				_t453[0x25] = 0xa4ae1d;
				_t453[0x25] = _t453[0x25] + 0xffff1e93;
				_t453[0x25] = _t453[0x25] ^ 0x00a3b794;
				_t453[0x1a] = 0xc58380;
				_t453[0x1a] = _t453[0x1a] + 0xffff63f4;
				_t453[0x1a] = _t453[0x1a] ^ 0x00c360dd;
				_t453[0xa] = 0x315c71;
				_t453[0xa] = _t453[0xa] * 0x2d;
				_t453[0xa] = _t453[0xa] << 4;
				_t453[0xa] = _t453[0xa] >> 9;
				_t453[0xa] = _t453[0xa] ^ 0x004c0641;
				_t453[0x26] = 0xfaa693;
				_t453[0x26] = _t453[0x26] / _t441;
				_t453[0x26] = _t453[0x26] ^ 0x0006da62;
				_t453[6] = 0x2e22d8;
				_t453[6] = _t453[6] + 0x1da5;
				_t453[6] = _t453[6] ^ 0x7a3436a8;
				_t453[6] = _t453[6] + 0x3380;
				_t453[6] = _t453[6] ^ 0x7a1ea83a;
				_t453[0xe] = 0x225cf9;
				_t442 = 0x46;
				_t453[0xf] = _t453[0xe] * 0xd;
				_t453[0xf] = _t453[0xf] / _t442;
				_t453[0xf] = _t453[0xf] ^ 0x000c9e58;
				_t453[0x1e] = 0xb4cd70;
				_t443 = 5;
				_t453[0x1e] = _t453[0x1e] / _t443;
				_t453[0x1e] = _t453[0x1e] ^ 0x00223e8b;
				_t453[0x25] = 0x175145;
				_t453[0x25] = _t453[0x25] + 0xffffbe60;
				_t453[0x25] = _t453[0x25] ^ 0x0015ea4b;
				_t453[0x16] = 0x9a90a6;
				_t453[0x16] = _t453[0x16] >> 1;
				_t453[0x16] = _t453[0x16] | 0x97e6917e;
				_t453[0x16] = _t453[0x16] ^ 0x97edbee9;
				_t453[0x14] = 0x10553c;
				_t453[0x14] = _t453[0x14] | 0x69ed7b68;
				_t453[0x14] = _t453[0x14] ^ 0x8ccf5101;
				_t453[0x14] = _t453[0x14] ^ 0xe532736d;
				_t453[0x12] = 0x5e103c;
				_t453[0x12] = _t453[0x12] ^ 0xd5bdf2ed;
				_t453[0x12] = _t453[0x12] | 0x536bb37e;
				_t453[0x12] = _t453[0x12] ^ 0xd7e39e3a;
				_t453[6] = 0xad714c;
				_t453[6] = _t453[6] << 5;
				_t444 = 0x5a;
				_t453[6] = _t453[6] * 0x77;
				_t453[6] = _t453[6] | 0x8fd7f967;
				_t453[6] = _t453[6] ^ 0x9ffa7b5b;
				_t453[0x29] = 0x969a62;
				_t453[0x29] = _t453[0x29] + 0xffff3747;
				_t453[0x29] = _t453[0x29] ^ 0x009bad24;
				_t453[0x22] = 0xa29aa2;
				_t453[0x22] = _t453[0x22] + 0xffff9bca;
				_t453[0x22] = _t453[0x22] ^ 0x00a8d7f4;
				_t453[0x28] = 0x5c718d;
				_t453[0x28] = _t453[0x28] / _t444;
				_t453[0x28] = _t453[0x28] ^ 0x000e04a7;
				_t453[0x15] = 0x6aed70;
				_t453[0x15] = _t453[0x15] | 0x24270adc;
				_t453[0x15] = _t453[0x15] ^ 0x00a30154;
				_t453[0x15] = _t453[0x15] ^ 0x24c5236d;
				_t453[0x20] = 0x9ad963;
				_t453[0x20] = _t453[0x20] ^ 0x804e7f4a;
				_t453[0x20] = _t453[0x20] ^ 0x80d9ea50;
				_t453[0x1c] = 0xc68496;
				_t453[0x1c] = _t453[0x1c] >> 0x10;
				_t453[0x1c] = _t453[0x1c] ^ 0x0003f168;
				_t453[0x24] = 0x7e4214;
				_t453[0x24] = _t453[0x24] << 4;
				_t453[0x24] = _t453[0x24] ^ 0x07e08805;
				_t453[0x11] = 0x92d404;
				_t445 = 0x3c;
				_t453[0x10] = _t453[0x11] / _t445;
				_t453[0x10] = _t453[0x10] + 0x2a76;
				_t453[0x10] = _t453[0x10] ^ 0x0004ebe7;
				_t453[9] = 0xe8ea05;
				_t453[9] = _t453[9] + 0xffffd5a4;
				_t453[9] = _t453[9] << 7;
				_t453[9] = _t453[9] + 0xffff1c2a;
				_t453[9] = _t453[9] ^ 0x7454948f;
				_t453[7] = 0x853308;
				_t453[7] = _t453[7] + 0xffff5128;
				_t453[7] = _t453[7] + 0x9f37;
				_t453[7] = _t453[7] | 0x54c51839;
				_t453[7] = _t453[7] ^ 0x54ca1cec;
				_t453[0x1c] = 0x270edd;
				_t453[0x1c] = _t453[0x1c] + 0x9c5c;
				_t453[0x1c] = _t453[0x1c] ^ 0x00251ad9;
				_t453[0x22] = 0x4b1e01;
				_t453[0x22] = _t453[0x22] >> 0xa;
				_t453[0x22] = _t453[0x22] ^ 0x00014be5;
				_t453[0xf] = 0x1097d4;
				_t453[0xf] = _t453[0xf] ^ 0x70356bb9;
				_t453[0xf] = _t453[0xf] << 7;
				_t453[0xf] = _t453[0xf] ^ 0x12f26116;
				_t453[0xd] = 0x3e61;
				_t453[0xd] = _t453[0xd] ^ 0x4940d563;
				_t453[0xd] = _t453[0xd] << 5;
				_t453[0xd] = _t453[0xd] ^ 0x28127601;
				_t453[0x19] = 0xea3040;
				_t265 =  &(_t453[0x19]); // 0xea3040
				_t446 = 0x24;
				_t390 = _t453[0x2a];
				_t453[0x1a] =  *_t265 * 0x3e;
				_t435 = _t453[0x2a];
				_t453[0x1a] = _t453[0x1a] / _t446;
				_t453[0x1a] = _t453[0x1a] ^ 0x01901c81;
				_t453[0xd] = 0xdd1c82;
				_t447 = 0x39;
				_t451 = _t453[0x29];
				_t453[0xc] = _t453[0xd] * 0x64;
				_t453[0xc] = _t453[0xc] / _t447;
				_t453[0xc] = _t453[0xc] ^ 0x01838ff7;
				L1:
				while(1) {
					while(_t392 != 0x17dddcb) {
						if(_t392 == 0x8a29766) {
							E02BD2B09(_t453[0x24], _t435, _t453[0x10], _t453[0xd]);
							_t392 = 0xcdeb26f;
							continue;
						} else {
							if(_t392 == 0xac116a6) {
								E02BD0DB1(_t453[0x1b],  &(_t453[0x2d]), __eflags, _t453[0xd], _t392, _t453[0x1e]);
								_t373 = E02BC09DD(_t453[0x1b],  &(_t453[0x30]), _t453[0x24], _t453[0x15]);
								_t451 = _t373;
								_t453 =  &(_t453[5]);
								_t392 = 0xf1147e4;
								 *((short*)(_t373 - 2)) = 0;
								continue;
							} else {
								if(_t392 == 0xcdeb26f) {
									_t337 =  &(_t453[0x19]); // 0xea3040
									E02BD1538( *_t337, _t453[0xc], _t390);
								} else {
									if(_t392 == 0xe12044f) {
										_t392 = 0xac116a6;
										continue;
									} else {
										if(_t392 == 0xe899f05) {
											_t378 = E02BCE406(_t453[0x11], _t453[0x33], _t392, _t453[0x2b], _t453[0x30], _t435, _t453[0xb], _t392,  &(_t453[0x2e]), _t453[0x2d], _t453[0x17], _t453[0x21], _t392, _t390);
											_t453 =  &(_t453[0xc]);
											__eflags = _t378;
											if(_t378 == 0) {
												L17:
												_t379 = _t453[0x2a];
											} else {
												_t449 = _t435;
												while(1) {
													__eflags =  *((intOrPtr*)(_t449 + 4)) - 4;
													if( *((intOrPtr*)(_t449 + 4)) != 4) {
														goto L14;
													}
													L13:
													_t387 = E02BD061D(_t453[0x1d], _t451, _t449 + 0xc, _t453[0x24], _t453[0x10]);
													_t453 =  &(_t453[3]);
													__eflags = _t387;
													if(_t387 == 0) {
														_t379 = 1;
														_t453[0x2a] = 1;
													} else {
														goto L14;
													}
													goto L18;
													L14:
													_t385 =  *_t449;
													__eflags = _t385;
													if(_t385 == 0) {
														goto L17;
													} else {
														_t449 = _t449 + _t385;
														__eflags =  *((intOrPtr*)(_t449 + 4)) - 4;
														if( *((intOrPtr*)(_t449 + 4)) != 4) {
															goto L14;
														}
													}
													goto L18;
												}
											}
											L18:
											__eflags = _t379;
											if(__eflags == 0) {
												L20:
												_t392 = 0xe899f05;
											} else {
												_t383 =  *0x2bd6208; // 0x0
												E02BD27BC(_t453[0xa], _t453[8],  *((intOrPtr*)(_t383 + 0x18)), _t453[0x1c]);
												_t392 = 0x8a29766;
											}
											continue;
											L30:
										} else {
											if(_t392 != 0xf1147e4) {
												L26:
												__eflags = _t392 - 0x2906cf2;
												if(__eflags != 0) {
													continue;
												} else {
												}
											} else {
												_t382 = E02BD45CA( &(_t453[0x38]), _t453[0x2f], _t392, _t392, _t453[0x23], _t453[0x12], _t453[0x2d], 1, _t453[0xb], _t453[0x12], 0x2000000, _t453[0x1f], _t453[0x18], _t453[8] | 0x00000006);
												_t390 = _t382;
												_t453 =  &(_t453[0xc]);
												if(_t382 != 0xffffffff) {
													_t392 = 0x17dddcb;
													continue;
												}
											}
										}
									}
								}
							}
						}
						L29:
						__eflags = 0;
						return 0;
						goto L30;
					}
					_push(_t392);
					_push(_t392);
					_t453[0x2c] = 0x1000;
					_t435 = E02BBC5D8(0x1000);
					_t453 =  &(_t453[3]);
					__eflags = _t435;
					if(__eflags != 0) {
						goto L20;
					} else {
						_t392 = 0xcdeb26f;
						goto L26;
					}
					goto L29;
				}
			}
























                                                                                                          0x02bd36b0
                                                                                                          0x02bd36bd
                                                                                                          0x02bd36c6
                                                                                                          0x02bd36d0
                                                                                                          0x02bd36d5
                                                                                                          0x02bd36db
                                                                                                          0x02bd36e0
                                                                                                          0x02bd36e8
                                                                                                          0x02bd36f0
                                                                                                          0x02bd36f8
                                                                                                          0x02bd3700
                                                                                                          0x02bd3705
                                                                                                          0x02bd370d
                                                                                                          0x02bd3715
                                                                                                          0x02bd371a
                                                                                                          0x02bd3722
                                                                                                          0x02bd372a
                                                                                                          0x02bd3736
                                                                                                          0x02bd3739
                                                                                                          0x02bd373b
                                                                                                          0x02bd3741
                                                                                                          0x02bd3749
                                                                                                          0x02bd3751
                                                                                                          0x02bd375e
                                                                                                          0x02bd3761
                                                                                                          0x02bd3769
                                                                                                          0x02bd376d
                                                                                                          0x02bd3775
                                                                                                          0x02bd377d
                                                                                                          0x02bd3785
                                                                                                          0x02bd378d
                                                                                                          0x02bd3795
                                                                                                          0x02bd379d
                                                                                                          0x02bd37ad
                                                                                                          0x02bd37b1
                                                                                                          0x02bd37b9
                                                                                                          0x02bd37c1
                                                                                                          0x02bd37d4
                                                                                                          0x02bd37d5
                                                                                                          0x02bd37dc
                                                                                                          0x02bd37e7
                                                                                                          0x02bd37ef
                                                                                                          0x02bd37f7
                                                                                                          0x02bd37fc
                                                                                                          0x02bd3804
                                                                                                          0x02bd380f
                                                                                                          0x02bd381a
                                                                                                          0x02bd3825
                                                                                                          0x02bd382d
                                                                                                          0x02bd3835
                                                                                                          0x02bd383d
                                                                                                          0x02bd384a
                                                                                                          0x02bd384e
                                                                                                          0x02bd3853
                                                                                                          0x02bd3858
                                                                                                          0x02bd3860
                                                                                                          0x02bd3874
                                                                                                          0x02bd387b
                                                                                                          0x02bd3886
                                                                                                          0x02bd3890
                                                                                                          0x02bd3898
                                                                                                          0x02bd38a0
                                                                                                          0x02bd38a8
                                                                                                          0x02bd38b0
                                                                                                          0x02bd38bf
                                                                                                          0x02bd38c2
                                                                                                          0x02bd38ce
                                                                                                          0x02bd38d2
                                                                                                          0x02bd38da
                                                                                                          0x02bd38e6
                                                                                                          0x02bd38eb
                                                                                                          0x02bd38f1
                                                                                                          0x02bd38f9
                                                                                                          0x02bd3904
                                                                                                          0x02bd390f
                                                                                                          0x02bd391a
                                                                                                          0x02bd3922
                                                                                                          0x02bd3926
                                                                                                          0x02bd392e
                                                                                                          0x02bd3936
                                                                                                          0x02bd393e
                                                                                                          0x02bd3946
                                                                                                          0x02bd394e
                                                                                                          0x02bd3956
                                                                                                          0x02bd395e
                                                                                                          0x02bd3966
                                                                                                          0x02bd396e
                                                                                                          0x02bd3976
                                                                                                          0x02bd397e
                                                                                                          0x02bd3988
                                                                                                          0x02bd398b
                                                                                                          0x02bd398f
                                                                                                          0x02bd3997
                                                                                                          0x02bd399f
                                                                                                          0x02bd39aa
                                                                                                          0x02bd39b5
                                                                                                          0x02bd39c0
                                                                                                          0x02bd39cb
                                                                                                          0x02bd39d6
                                                                                                          0x02bd39e1
                                                                                                          0x02bd39f7
                                                                                                          0x02bd39fe
                                                                                                          0x02bd3a09
                                                                                                          0x02bd3a11
                                                                                                          0x02bd3a19
                                                                                                          0x02bd3a21
                                                                                                          0x02bd3a29
                                                                                                          0x02bd3a34
                                                                                                          0x02bd3a3f
                                                                                                          0x02bd3a4a
                                                                                                          0x02bd3a52
                                                                                                          0x02bd3a57
                                                                                                          0x02bd3a5f
                                                                                                          0x02bd3a6a
                                                                                                          0x02bd3a72
                                                                                                          0x02bd3a7d
                                                                                                          0x02bd3a89
                                                                                                          0x02bd3a8c
                                                                                                          0x02bd3a90
                                                                                                          0x02bd3a98
                                                                                                          0x02bd3aa0
                                                                                                          0x02bd3aa8
                                                                                                          0x02bd3ab2
                                                                                                          0x02bd3ab7
                                                                                                          0x02bd3abf
                                                                                                          0x02bd3ac7
                                                                                                          0x02bd3acf
                                                                                                          0x02bd3ad7
                                                                                                          0x02bd3adf
                                                                                                          0x02bd3ae7
                                                                                                          0x02bd3aef
                                                                                                          0x02bd3af7
                                                                                                          0x02bd3aff
                                                                                                          0x02bd3b07
                                                                                                          0x02bd3b12
                                                                                                          0x02bd3b1a
                                                                                                          0x02bd3b25
                                                                                                          0x02bd3b2d
                                                                                                          0x02bd3b35
                                                                                                          0x02bd3b3a
                                                                                                          0x02bd3b42
                                                                                                          0x02bd3b4a
                                                                                                          0x02bd3b52
                                                                                                          0x02bd3b57
                                                                                                          0x02bd3b5f
                                                                                                          0x02bd3b67
                                                                                                          0x02bd3b6e
                                                                                                          0x02bd3b71
                                                                                                          0x02bd3b78
                                                                                                          0x02bd3b84
                                                                                                          0x02bd3b8b
                                                                                                          0x02bd3b8f
                                                                                                          0x02bd3b97
                                                                                                          0x02bd3ba4
                                                                                                          0x02bd3ba5
                                                                                                          0x02bd3bac
                                                                                                          0x02bd3bb6
                                                                                                          0x02bd3bba
                                                                                                          0x00000000
                                                                                                          0x02bd3bc2
                                                                                                          0x02bd3bc2
                                                                                                          0x02bd3bd4
                                                                                                          0x02bd3d95
                                                                                                          0x02bd3d9c
                                                                                                          0x00000000
                                                                                                          0x02bd3bda
                                                                                                          0x02bd3be0
                                                                                                          0x02bd3d4f
                                                                                                          0x02bd3d6a
                                                                                                          0x02bd3d6f
                                                                                                          0x02bd3d71
                                                                                                          0x02bd3d76
                                                                                                          0x02bd3d7b
                                                                                                          0x00000000
                                                                                                          0x02bd3be6
                                                                                                          0x02bd3bec
                                                                                                          0x02bd3df4
                                                                                                          0x02bd3df9
                                                                                                          0x02bd3bf2
                                                                                                          0x02bd3bf8
                                                                                                          0x02bd3d31
                                                                                                          0x00000000
                                                                                                          0x02bd3bfe
                                                                                                          0x02bd3c04
                                                                                                          0x02bd3cac
                                                                                                          0x02bd3cb1
                                                                                                          0x02bd3cb4
                                                                                                          0x02bd3cb6
                                                                                                          0x02bd3cf7
                                                                                                          0x02bd3cf7
                                                                                                          0x02bd3cb8
                                                                                                          0x02bd3cb8
                                                                                                          0x02bd3cba
                                                                                                          0x02bd3cba
                                                                                                          0x02bd3cbe
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bd3cc0
                                                                                                          0x02bd3cd5
                                                                                                          0x02bd3cda
                                                                                                          0x02bd3cdd
                                                                                                          0x02bd3cdf
                                                                                                          0x02bd3ced
                                                                                                          0x02bd3cee
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bd3ce1
                                                                                                          0x02bd3ce1
                                                                                                          0x02bd3ce3
                                                                                                          0x02bd3ce5
                                                                                                          0x00000000
                                                                                                          0x02bd3ce7
                                                                                                          0x02bd3ce7
                                                                                                          0x02bd3cba
                                                                                                          0x02bd3cbe
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bd3cbe
                                                                                                          0x00000000
                                                                                                          0x02bd3ce5
                                                                                                          0x02bd3cba
                                                                                                          0x02bd3cfe
                                                                                                          0x02bd3cfe
                                                                                                          0x02bd3d00
                                                                                                          0x02bd3d27
                                                                                                          0x02bd3d27
                                                                                                          0x02bd3d02
                                                                                                          0x02bd3d06
                                                                                                          0x02bd3d16
                                                                                                          0x02bd3d1d
                                                                                                          0x02bd3d1d
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bd3c06
                                                                                                          0x02bd3c0c
                                                                                                          0x02bd3de2
                                                                                                          0x02bd3de2
                                                                                                          0x02bd3de8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bd3dee
                                                                                                          0x02bd3c12
                                                                                                          0x02bd3c53
                                                                                                          0x02bd3c58
                                                                                                          0x02bd3c5a
                                                                                                          0x02bd3c60
                                                                                                          0x02bd3c66
                                                                                                          0x00000000
                                                                                                          0x02bd3c66
                                                                                                          0x02bd3c60
                                                                                                          0x02bd3c0c
                                                                                                          0x02bd3c04
                                                                                                          0x02bd3bf8
                                                                                                          0x02bd3bec
                                                                                                          0x02bd3be0
                                                                                                          0x02bd3dff
                                                                                                          0x02bd3e02
                                                                                                          0x02bd3e0b
                                                                                                          0x00000000
                                                                                                          0x02bd3e0b
                                                                                                          0x02bd3db9
                                                                                                          0x02bd3dba
                                                                                                          0x02bd3dc0
                                                                                                          0x02bd3dd0
                                                                                                          0x02bd3dd2
                                                                                                          0x02bd3dd5
                                                                                                          0x02bd3dd7
                                                                                                          0x00000000
                                                                                                          0x02bd3ddd
                                                                                                          0x02bd3ddd
                                                                                                          0x00000000
                                                                                                          0x02bd3ddd
                                                                                                          0x00000000
                                                                                                          0x02bd3dd7

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @0$_sC$a>$ms2$pj$q\1$v*${*
                                                                                                          • API String ID: 0-3081288078
                                                                                                          • Opcode ID: 5289f02627fbb74eca526ed2921aaf571c853f572b2259b48cedac577c1e4bb7
                                                                                                          • Instruction ID: ec6338815809a5a8b2b7a6b118a556583c6f267ad0f5e7dc12afeb93d7f6aafd
                                                                                                          • Opcode Fuzzy Hash: 5289f02627fbb74eca526ed2921aaf571c853f572b2259b48cedac577c1e4bb7
                                                                                                          • Instruction Fuzzy Hash: 900252715083809FD3A8CF65C48AA8BBBE1FBC4758F10895DF6DA86260D7B58948CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD46BD, Relevance: 10.3, Strings: 8, Instructions: 293COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02BD46BD(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				void* _t316;
				intOrPtr _t339;
				intOrPtr* _t341;
				void* _t343;
				intOrPtr* _t346;
				void* _t348;
				intOrPtr* _t349;
				void* _t351;
				intOrPtr _t367;
				signed int _t370;
				signed int _t371;
				signed int _t372;
				signed int _t373;
				void* _t375;
				void* _t376;

				_t369 = _a16;
				_t349 = __edx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t316);
				_v16 = 0xd9d351;
				_t367 = 0;
				_v12 = 0x17e122;
				_t376 = _t375 + 0x18;
				_v8 = 0;
				_v96 = 0xcc9d59;
				_t351 = 0xff449f4;
				_v96 = _v96 << 0xc;
				_v96 = _v96 + 0x162d;
				_v96 = _v96 ^ 0xc9d5a62c;
				_v132 = 0x3cc17f;
				_v132 = _v132 + 0xffff84d9;
				_t370 = 0x52;
				_v132 = _v132 * 0x3d;
				_v132 = _v132 << 0xf;
				_v132 = _v132 ^ 0x617c0001;
				_v48 = 0x63951b;
				_v48 = _v48 >> 7;
				_v48 = _v48 ^ 0x0000c72a;
				_v64 = 0xbc1395;
				_v64 = _v64 >> 0xd;
				_v64 = _v64 ^ 0x000005e0;
				_v80 = 0x50b5ee;
				_v80 = _v80 + 0xf34;
				_v80 = _v80 >> 1;
				_v80 = _v80 ^ 0x00286291;
				_v92 = 0x9715d8;
				_v92 = _v92 * 0x46;
				_v92 = _v92 << 0xd;
				_v92 = _v92 ^ 0xff220000;
				_v52 = 0xfde3f2;
				_v52 = _v52 + 0xa710;
				_v52 = _v52 ^ 0x00fe8b02;
				_v160 = 0x198337;
				_v160 = _v160 + 0xffff007e;
				_v160 = _v160 << 0x10;
				_v160 = _v160 ^ 0x69569842;
				_v160 = _v160 ^ 0xeaeb46e9;
				_v28 = 0xcc69bd;
				_v28 = _v28 ^ 0xeecfab9f;
				_v28 = _v28 ^ 0xee01123b;
				_v136 = 0x76b317;
				_v136 = _v136 / _t370;
				_v136 = _v136 + 0xffff81f3;
				_v136 = _v136 << 3;
				_v136 = _v136 ^ 0x00064d41;
				_v112 = 0x80a4bd;
				_v112 = _v112 * 0x13;
				_v112 = _v112 << 0xa;
				_v112 = _v112 + 0xcad4;
				_v112 = _v112 ^ 0x30efc400;
				_v144 = 0x82a288;
				_v144 = _v144 << 2;
				_v144 = _v144 >> 0xe;
				_v144 = _v144 << 9;
				_v144 = _v144 ^ 0x0011be13;
				_v56 = 0x7edd30;
				_v56 = _v56 * 0x55;
				_v56 = _v56 ^ 0x2a184bb4;
				_v88 = 0xe2a415;
				_t371 = 6;
				_v88 = _v88 * 0x2a;
				_v88 = _v88 + 0xffff5f32;
				_v88 = _v88 ^ 0x252ac732;
				_v128 = 0xe004bc;
				_v128 = _v128 ^ 0x574173bd;
				_v128 = _v128 >> 9;
				_v128 = _v128 ^ 0xd8221cc5;
				_v128 = _v128 ^ 0xd803a3d4;
				_v152 = 0x516ea5;
				_v152 = _v152 + 0xffff4486;
				_v152 = _v152 | 0x140257d0;
				_v152 = _v152 >> 0xf;
				_v152 = _v152 ^ 0x00051039;
				_v120 = 0x9f4975;
				_v120 = _v120 ^ 0x86b89632;
				_v120 = _v120 * 0x24;
				_v120 = _v120 | 0x1b5f0b87;
				_v120 = _v120 ^ 0xdfd1de63;
				_v36 = 0xa5f8e9;
				_v36 = _v36 + 0x714e;
				_v36 = _v36 ^ 0x00af22d8;
				_v44 = 0x824fdb;
				_v44 = _v44 + 0xffff91e5;
				_v44 = _v44 ^ 0x008fd473;
				_v68 = 0x680ab0;
				_v68 = _v68 + 0xbc39;
				_v68 = _v68 / _t371;
				_v68 = _v68 ^ 0x001a68c1;
				_v76 = 0x17a4af;
				_v76 = _v76 >> 0xb;
				_t372 = 0x5b;
				_v76 = _v76 / _t372;
				_v76 = _v76 ^ 0x0007f211;
				_v84 = 0x315e60;
				_v84 = _v84 + 0x702b;
				_v84 = _v84 + 0xffff10cc;
				_v84 = _v84 ^ 0x003e64ec;
				_v100 = 0x9cc34d;
				_v100 = _v100 | 0x947c2ff5;
				_t373 = 0x3a;
				_v100 = _v100 / _t373;
				_v100 = _v100 ^ 0x02979c4b;
				_v140 = 0xbfeff4;
				_v140 = _v140 ^ 0x822e0370;
				_v140 = _v140 + 0xf2f6;
				_v140 = _v140 | 0x96ab8507;
				_v140 = _v140 ^ 0x96bf89b8;
				_v60 = 0xfd95c4;
				_v60 = _v60 << 3;
				_v60 = _v60 ^ 0x07e16726;
				_v148 = 0x38036;
				_v148 = _v148 ^ 0x54103d5f;
				_v148 = _v148 | 0x54303272;
				_t206 =  &_v148; // 0x54303272
				_v148 =  *_t206;
				_v148 = _v148 ^ 0x5432cd2c;
				_v40 = 0xc550eb;
				_v40 = _v40 | 0x63f29c9e;
				_v40 = _v40 ^ 0x63f29262;
				_v32 = 0xf7791b;
				_v32 = _v32 * 0x51;
				_v32 = _v32 ^ 0x4e4d9c2b;
				_v156 = 0xdcae59;
				_v156 = _v156 + 0xffffc6cd;
				_v156 = _v156 + 0xfffffd52;
				_v156 = _v156 ^ 0x46382038;
				_v156 = _v156 ^ 0x46e78b29;
				_v72 = 0xac5d66;
				_v72 = _v72 | 0xb655dd15;
				_v72 = _v72 + 0xffff07b1;
				_v72 = _v72 ^ 0xb6f51c6c;
				_v104 = 0x2e3a8e;
				_v104 = _v104 | 0xfac334a1;
				_v104 = _v104 << 4;
				_v104 = _v104 ^ 0xaefe5277;
				_v108 = 0xcd35f0;
				_v108 = _v108 << 0xf;
				_v108 = _v108 | 0xf31160b4;
				_v108 = _v108 ^ 0xc3cc8d90;
				_v108 = _v108 ^ 0x3831362e;
				_v116 = 0x7e4b3f;
				_v116 = _v116 << 9;
				_v116 = _v116 + 0xa646;
				_v116 = _v116 + 0x5b3c;
				_v116 = _v116 ^ 0xfc982242;
				_v124 = 0x9fd9df;
				_v124 = _v124 >> 6;
				_v124 = _v124 << 0xf;
				_v124 = _v124 << 1;
				_v124 = _v124 ^ 0x7f607f7f;
				do {
					while(_t351 != 0x8274db) {
						if(_t351 == 0x30c1656) {
							_push(_t351);
							_push(_t351);
							_t339 = E02BBC5D8(_v20);
							_t376 = _t376 + 0xc;
							_v24 = _t339;
							if(_t339 != 0) {
								_t351 = 0x6ee5562;
								continue;
							}
						} else {
							if(_t351 == 0x6ee5562) {
								_t341 =  *0x2bd6224; // 0x0
								_t343 = E02BD11B0(_v84, _t351, _v92, _v100, _v132, _v140, _v60, _v148, _v20,  *_t369, _v40,  *((intOrPtr*)(_t369 + 4)), _v32,  &_v20, _v156, _v72, _v24,  *_t341, _v104);
								_t376 = _t376 + 0x48;
								if(_t343 == _v52) {
									 *_t349 = _v24;
									_t367 = 1;
									 *((intOrPtr*)(_t349 + 4)) = _v20;
								} else {
									_t351 = 0x8274db;
									continue;
								}
							} else {
								if(_t351 == 0xc41b31c) {
									_t346 =  *0x2bd6224; // 0x0
									_t348 = E02BD11B0(_v160, _t351, _v48, _v28, _v96, _v136, _v112, _v144, _v64,  *_t369, _v56,  *((intOrPtr*)(_t369 + 4)), _v88,  &_v20, _v128, _v152, _t367,  *_t346, _v120);
									_t376 = _t376 + 0x48;
									if(_t348 == _v80) {
										_t351 = 0x30c1656;
										continue;
									}
								} else {
									if(_t351 != 0xff449f4) {
										goto L14;
									} else {
										_t351 = 0xc41b31c;
										continue;
									}
								}
							}
						}
						L17:
						return _t367;
					}
					E02BD2B09(_v108, _v24, _v116, _v124);
					_t351 = 0xc0b2195;
					L14:
				} while (_t351 != 0xc0b2195);
				goto L17;
			}

























































                                                                                                          0x02bd46c6
                                                                                                          0x02bd46cd
                                                                                                          0x02bd46d0
                                                                                                          0x02bd46d1
                                                                                                          0x02bd46d8
                                                                                                          0x02bd46df
                                                                                                          0x02bd46e6
                                                                                                          0x02bd46e7
                                                                                                          0x02bd46e8
                                                                                                          0x02bd46ed
                                                                                                          0x02bd46f8
                                                                                                          0x02bd46fa
                                                                                                          0x02bd4705
                                                                                                          0x02bd4708
                                                                                                          0x02bd4711
                                                                                                          0x02bd4719
                                                                                                          0x02bd471e
                                                                                                          0x02bd4723
                                                                                                          0x02bd472b
                                                                                                          0x02bd4733
                                                                                                          0x02bd473b
                                                                                                          0x02bd474a
                                                                                                          0x02bd474b
                                                                                                          0x02bd474f
                                                                                                          0x02bd4754
                                                                                                          0x02bd475c
                                                                                                          0x02bd4767
                                                                                                          0x02bd476f
                                                                                                          0x02bd477a
                                                                                                          0x02bd4782
                                                                                                          0x02bd4787
                                                                                                          0x02bd478f
                                                                                                          0x02bd4797
                                                                                                          0x02bd479f
                                                                                                          0x02bd47a3
                                                                                                          0x02bd47ab
                                                                                                          0x02bd47b8
                                                                                                          0x02bd47bc
                                                                                                          0x02bd47c1
                                                                                                          0x02bd47c9
                                                                                                          0x02bd47d4
                                                                                                          0x02bd47df
                                                                                                          0x02bd47ea
                                                                                                          0x02bd47f2
                                                                                                          0x02bd47fa
                                                                                                          0x02bd47ff
                                                                                                          0x02bd4807
                                                                                                          0x02bd480f
                                                                                                          0x02bd481a
                                                                                                          0x02bd4825
                                                                                                          0x02bd4830
                                                                                                          0x02bd483e
                                                                                                          0x02bd4842
                                                                                                          0x02bd484a
                                                                                                          0x02bd484f
                                                                                                          0x02bd4857
                                                                                                          0x02bd4864
                                                                                                          0x02bd4868
                                                                                                          0x02bd486d
                                                                                                          0x02bd4875
                                                                                                          0x02bd487d
                                                                                                          0x02bd4885
                                                                                                          0x02bd488a
                                                                                                          0x02bd488f
                                                                                                          0x02bd4894
                                                                                                          0x02bd489c
                                                                                                          0x02bd48a9
                                                                                                          0x02bd48ad
                                                                                                          0x02bd48b5
                                                                                                          0x02bd48c6
                                                                                                          0x02bd48c9
                                                                                                          0x02bd48cd
                                                                                                          0x02bd48d5
                                                                                                          0x02bd48dd
                                                                                                          0x02bd48e5
                                                                                                          0x02bd48ed
                                                                                                          0x02bd48f2
                                                                                                          0x02bd48fa
                                                                                                          0x02bd4902
                                                                                                          0x02bd490a
                                                                                                          0x02bd4912
                                                                                                          0x02bd491a
                                                                                                          0x02bd491f
                                                                                                          0x02bd4927
                                                                                                          0x02bd492f
                                                                                                          0x02bd493c
                                                                                                          0x02bd4940
                                                                                                          0x02bd4948
                                                                                                          0x02bd4950
                                                                                                          0x02bd495b
                                                                                                          0x02bd4966
                                                                                                          0x02bd4971
                                                                                                          0x02bd497c
                                                                                                          0x02bd4987
                                                                                                          0x02bd4992
                                                                                                          0x02bd499a
                                                                                                          0x02bd49aa
                                                                                                          0x02bd49ae
                                                                                                          0x02bd49b6
                                                                                                          0x02bd49be
                                                                                                          0x02bd49c7
                                                                                                          0x02bd49cc
                                                                                                          0x02bd49d2
                                                                                                          0x02bd49da
                                                                                                          0x02bd49e2
                                                                                                          0x02bd49ea
                                                                                                          0x02bd49f2
                                                                                                          0x02bd49fa
                                                                                                          0x02bd4a02
                                                                                                          0x02bd4a0e
                                                                                                          0x02bd4a11
                                                                                                          0x02bd4a15
                                                                                                          0x02bd4a1d
                                                                                                          0x02bd4a25
                                                                                                          0x02bd4a2d
                                                                                                          0x02bd4a35
                                                                                                          0x02bd4a3d
                                                                                                          0x02bd4a45
                                                                                                          0x02bd4a4d
                                                                                                          0x02bd4a52
                                                                                                          0x02bd4a5a
                                                                                                          0x02bd4a62
                                                                                                          0x02bd4a6a
                                                                                                          0x02bd4a72
                                                                                                          0x02bd4a76
                                                                                                          0x02bd4a7a
                                                                                                          0x02bd4a82
                                                                                                          0x02bd4a8d
                                                                                                          0x02bd4a98
                                                                                                          0x02bd4aa3
                                                                                                          0x02bd4ab6
                                                                                                          0x02bd4abd
                                                                                                          0x02bd4ac8
                                                                                                          0x02bd4ad0
                                                                                                          0x02bd4ad8
                                                                                                          0x02bd4ae0
                                                                                                          0x02bd4aed
                                                                                                          0x02bd4af5
                                                                                                          0x02bd4afd
                                                                                                          0x02bd4b05
                                                                                                          0x02bd4b0d
                                                                                                          0x02bd4b15
                                                                                                          0x02bd4b1d
                                                                                                          0x02bd4b25
                                                                                                          0x02bd4b2a
                                                                                                          0x02bd4b32
                                                                                                          0x02bd4b3a
                                                                                                          0x02bd4b3f
                                                                                                          0x02bd4b47
                                                                                                          0x02bd4b4f
                                                                                                          0x02bd4b57
                                                                                                          0x02bd4b5f
                                                                                                          0x02bd4b64
                                                                                                          0x02bd4b6c
                                                                                                          0x02bd4b74
                                                                                                          0x02bd4b7c
                                                                                                          0x02bd4b84
                                                                                                          0x02bd4b89
                                                                                                          0x02bd4b8e
                                                                                                          0x02bd4b92
                                                                                                          0x02bd4b9a
                                                                                                          0x02bd4b9a
                                                                                                          0x02bd4ba8
                                                                                                          0x02bd4cdd
                                                                                                          0x02bd4cde
                                                                                                          0x02bd4ce6
                                                                                                          0x02bd4ceb
                                                                                                          0x02bd4cee
                                                                                                          0x02bd4cf7
                                                                                                          0x02bd4cf9
                                                                                                          0x00000000
                                                                                                          0x02bd4cf9
                                                                                                          0x02bd4bae
                                                                                                          0x02bd4bb4
                                                                                                          0x02bd4c4e
                                                                                                          0x02bd4caf
                                                                                                          0x02bd4cb4
                                                                                                          0x02bd4cbe
                                                                                                          0x02bd4d39
                                                                                                          0x02bd4d3b
                                                                                                          0x02bd4d43
                                                                                                          0x02bd4cc0
                                                                                                          0x02bd4cc0
                                                                                                          0x00000000
                                                                                                          0x02bd4cc0
                                                                                                          0x02bd4bba
                                                                                                          0x02bd4bc0
                                                                                                          0x02bd4bd9
                                                                                                          0x02bd4c2e
                                                                                                          0x02bd4c33
                                                                                                          0x02bd4c3a
                                                                                                          0x02bd4c40
                                                                                                          0x00000000
                                                                                                          0x02bd4c40
                                                                                                          0x02bd4bc2
                                                                                                          0x02bd4bc8
                                                                                                          0x00000000
                                                                                                          0x02bd4bce
                                                                                                          0x02bd4bce
                                                                                                          0x00000000
                                                                                                          0x02bd4bce
                                                                                                          0x02bd4bc8
                                                                                                          0x02bd4bc0
                                                                                                          0x02bd4bb4
                                                                                                          0x02bd4d46
                                                                                                          0x02bd4d52
                                                                                                          0x02bd4d52
                                                                                                          0x02bd4d16
                                                                                                          0x02bd4d1d
                                                                                                          0x02bd4d22
                                                                                                          0x02bd4d22
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .618$8 8F$<[$?K~$Nq$r20T$F$d>
                                                                                                          • API String ID: 0-914106314
                                                                                                          • Opcode ID: 683d1278cefdd434e017bc9916cf45e9c4526fdd2332dd50238aa9d7d25bfcc0
                                                                                                          • Instruction ID: dd14e1ad69f2dd611806f1cf69659092d010b314b31ac7fab133b59db677ddc6
                                                                                                          • Opcode Fuzzy Hash: 683d1278cefdd434e017bc9916cf45e9c4526fdd2332dd50238aa9d7d25bfcc0
                                                                                                          • Instruction Fuzzy Hash: 2DF1ED71009380DFD769CF61C98AA5BBBF1FB85748F108A1DE2DA86260D7B58948CF03
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC017B, Relevance: 10.3, Strings: 8, Instructions: 263COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02BC017B(void* __ecx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				intOrPtr _v60;
				char _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				char _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				char _t272;
				void* _t295;
				signed int _t305;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				void* _t312;
				void* _t334;
				intOrPtr _t335;
				signed int* _t338;

				_push(_a32);
				_t334 = __ecx;
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(0);
				_push(_a4);
				_push(0);
				_push(__ecx);
				_t272 = E02BCFE29(0);
				_v84 = _t272;
				_t338 =  &(( &_v196)[0xa]);
				_v72 = _t272;
				_t335 = _t272;
				_v80 = 0x49e87b;
				_v76 = 0xc5c8e1;
				_t312 = 0x7956bd9;
				_v96 = 0x2d2511;
				_t305 = 0x6f;
				_v96 = _v96 / _t305;
				_v96 = _v96 ^ 0x00006c1e;
				_v192 = 0x2be237;
				_t22 =  &_v192; // 0x2be237
				_t306 = 0x35;
				_v192 =  *_t22 * 0x2a;
				_v192 = _v192 ^ 0x8f196f07;
				_v192 = _v192 ^ 0x2da4b7e5;
				_v192 = _v192 ^ 0xa58ec5c4;
				_v172 = 0x207d98;
				_v172 = _v172 ^ 0x972b32db;
				_v172 = _v172 | 0x9c7c4c28;
				_v172 = _v172 * 0x48;
				_v172 = _v172 ^ 0xdbcfdb8a;
				_v100 = 0x57c7e;
				_v100 = _v100 + 0xffffdd89;
				_v100 = _v100 ^ 0x000aed2d;
				_v124 = 0x64cad1;
				_v124 = _v124 + 0xffff2d5b;
				_v124 = _v124 << 4;
				_v124 = _v124 ^ 0x063cb223;
				_v148 = 0xd38c19;
				_v148 = _v148 >> 7;
				_v148 = _v148 >> 0xf;
				_v148 = _v148 ^ 0x0008e1ac;
				_v88 = 0xe6598d;
				_v88 = _v88 ^ 0xb40d33dc;
				_v88 = _v88 ^ 0xb4eaaa1c;
				_v92 = 0x85b818;
				_v92 = _v92 + 0xffffc4c3;
				_v92 = _v92 ^ 0x008e2283;
				_v104 = 0x6cafca;
				_v104 = _v104 * 0x73;
				_v104 = _v104 ^ 0x30d8f33f;
				_v120 = 0xea107;
				_v120 = _v120 / _t306;
				_v120 = _v120 ^ 0x000228b8;
				_v112 = 0x4bcc54;
				_v112 = _v112 * 0x3f;
				_v112 = _v112 ^ 0x12af13c7;
				_v176 = 0x25f352;
				_v176 = _v176 * 0x1d;
				_t307 = 0x55;
				_v176 = _v176 / _t307;
				_v176 = _v176 + 0xa166;
				_v176 = _v176 ^ 0x00018b34;
				_v168 = 0x70163a;
				_v168 = _v168 | 0xb665b778;
				_v168 = _v168 + 0xffff15cb;
				_v168 = _v168 + 0xffff931b;
				_v168 = _v168 ^ 0xb6787764;
				_v184 = 0xfb3451;
				_t308 = 0x2f;
				_v184 = _v184 * 0x55;
				_v184 = _v184 + 0xffff75a5;
				_v184 = _v184 * 0x5c;
				_v184 = _v184 ^ 0xf953722f;
				_v160 = 0x3448db;
				_v160 = _v160 | 0x0a9a3806;
				_v160 = _v160 + 0xffffbb3e;
				_v160 = _v160 << 6;
				_v160 = _v160 ^ 0xaf82d104;
				_v108 = 0x7f4bc6;
				_v108 = _v108 * 0x47;
				_v108 = _v108 ^ 0x234271fe;
				_v116 = 0x137e80;
				_v116 = _v116 << 7;
				_v116 = _v116 ^ 0x09bed852;
				_v140 = 0x58b738;
				_v140 = _v140 >> 3;
				_v140 = _v140 / _t308;
				_v140 = _v140 ^ 0x0006291c;
				_v152 = 0x1dae44;
				_v152 = _v152 + 0xb010;
				_t309 = 0x7a;
				_v152 = _v152 / _t309;
				_v152 = _v152 ^ 0x0004435a;
				_v136 = 0x3e9c6a;
				_v136 = _v136 + 0xffff4267;
				_v136 = _v136 + 0xa013;
				_v136 = _v136 ^ 0x00313444;
				_v128 = 0xfc4661;
				_v128 = _v128 ^ 0x84ef8931;
				_v128 = _v128 >> 6;
				_v128 = _v128 ^ 0x021c54a7;
				_v144 = 0x2fd65c;
				_v144 = _v144 | 0x65ad1a2d;
				_v144 = _v144 ^ 0x87299bd7;
				_v144 = _v144 ^ 0xe281bdf5;
				_v180 = 0x40c6e5;
				_v180 = _v180 + 0xffff5f75;
				_v180 = _v180 + 0x6863;
				_v180 = _v180 << 0xc;
				_v180 = _v180 ^ 0x08e53add;
				_v132 = 0x50fbcf;
				_v132 = _v132 | 0xda091e24;
				_v132 = _v132 + 0xffffc3f6;
				_v132 = _v132 ^ 0xda5ae4d8;
				_v188 = 0x29fd87;
				_v188 = _v188 | 0x249d2c08;
				_v188 = _v188 << 1;
				_v188 = _v188 | 0xc4033418;
				_v188 = _v188 ^ 0xcd7b5999;
				_v196 = 0x78de76;
				_v196 = _v196 * 0x7c;
				_v196 = _v196 + 0xffff171c;
				_v196 = _v196 >> 5;
				_v196 = _v196 ^ 0x01d3afb7;
				_v156 = 0x2e37f5;
				_v156 = _v156 + 0xffff32dd;
				_v156 = _v156 >> 1;
				_v156 = _v156 * 0x73;
				_v156 = _v156 ^ 0x0a367c41;
				_v164 = 0x79bcb0;
				_v164 = _v164 + 0x8106;
				_v164 = _v164 + 0x4469;
				_v164 = _v164 + 0xffff19e3;
				_v164 = _v164 ^ 0x007fae8c;
				do {
					while(_t312 != 0x59e10b1) {
						if(_t312 == 0x7956bd9) {
							_t312 = 0x84e17ac;
							continue;
						} else {
							if(_t312 == 0x84e17ac) {
								_t264 =  &_v84; // 0x49e87b
								_t267 =  &_v172; // 0xa367c41
								_t295 = E02BC4178( *_t267, _v100, _t264, _a20, _v124);
								_t338 =  &(_t338[4]);
								__eflags = _t295;
								if(_t295 != 0) {
									_t312 = 0x9148c69;
									continue;
								}
							} else {
								_t344 = _t312 - 0x9148c69;
								if(_t312 != 0x9148c69) {
									goto L10;
								} else {
									E02BCFE2A(_v148, _v88, 0x44,  &_v68);
									_push(_v112);
									_v68 = 0x44;
									_push(_v120);
									_push(_v104);
									_v60 = E02BCE1F8(0x2bb1224, _v92, _t344);
									_t335 = E02BB473D(_a20, _v176, _v168, 0x2bb1224, 0x2bb1224, _v184, _v160, 0, _a24, _v108, _t334, _v116, _v140, _v152, _v84, 0x2bb1224, _v136, _v128, _v144, _v192 | _v96,  &_v68);
									E02BCFECB(_v60, _v180, _v132, _v188, _v196);
									_t338 =  &(_t338[0x1c]);
									_t312 = 0x59e10b1;
									continue;
								}
							}
						}
						goto L11;
					}
					_t269 =  &_v84; // 0x49e87b
					E02BC7952(_v156,  *_t269, _v164);
					_t312 = 0xf5fdc0f;
					L10:
					__eflags = _t312 - 0xf5fdc0f;
				} while (_t312 != 0xf5fdc0f);
				L11:
				return _t335;
			}
















































                                                                                                          0x02bc0185
                                                                                                          0x02bc018e
                                                                                                          0x02bc0190
                                                                                                          0x02bc0197
                                                                                                          0x02bc019e
                                                                                                          0x02bc01a5
                                                                                                          0x02bc01ac
                                                                                                          0x02bc01b3
                                                                                                          0x02bc01b4
                                                                                                          0x02bc01bb
                                                                                                          0x02bc01bc
                                                                                                          0x02bc01bd
                                                                                                          0x02bc01c2
                                                                                                          0x02bc01c9
                                                                                                          0x02bc01cc
                                                                                                          0x02bc01d3
                                                                                                          0x02bc01d5
                                                                                                          0x02bc01e2
                                                                                                          0x02bc01ed
                                                                                                          0x02bc01f2
                                                                                                          0x02bc0200
                                                                                                          0x02bc0205
                                                                                                          0x02bc020b
                                                                                                          0x02bc0213
                                                                                                          0x02bc021b
                                                                                                          0x02bc0220
                                                                                                          0x02bc0221
                                                                                                          0x02bc0225
                                                                                                          0x02bc022d
                                                                                                          0x02bc0235
                                                                                                          0x02bc023d
                                                                                                          0x02bc0245
                                                                                                          0x02bc024d
                                                                                                          0x02bc025a
                                                                                                          0x02bc025e
                                                                                                          0x02bc0266
                                                                                                          0x02bc026e
                                                                                                          0x02bc0276
                                                                                                          0x02bc027e
                                                                                                          0x02bc0286
                                                                                                          0x02bc028e
                                                                                                          0x02bc0293
                                                                                                          0x02bc029b
                                                                                                          0x02bc02a3
                                                                                                          0x02bc02a8
                                                                                                          0x02bc02ad
                                                                                                          0x02bc02b5
                                                                                                          0x02bc02bd
                                                                                                          0x02bc02c5
                                                                                                          0x02bc02cd
                                                                                                          0x02bc02d5
                                                                                                          0x02bc02dd
                                                                                                          0x02bc02e5
                                                                                                          0x02bc02f2
                                                                                                          0x02bc02f6
                                                                                                          0x02bc02fe
                                                                                                          0x02bc030c
                                                                                                          0x02bc0310
                                                                                                          0x02bc0318
                                                                                                          0x02bc0325
                                                                                                          0x02bc0329
                                                                                                          0x02bc0331
                                                                                                          0x02bc033e
                                                                                                          0x02bc034a
                                                                                                          0x02bc034f
                                                                                                          0x02bc0355
                                                                                                          0x02bc035d
                                                                                                          0x02bc0365
                                                                                                          0x02bc036d
                                                                                                          0x02bc0375
                                                                                                          0x02bc037d
                                                                                                          0x02bc0385
                                                                                                          0x02bc038d
                                                                                                          0x02bc039a
                                                                                                          0x02bc039d
                                                                                                          0x02bc03a1
                                                                                                          0x02bc03ae
                                                                                                          0x02bc03b2
                                                                                                          0x02bc03ba
                                                                                                          0x02bc03c2
                                                                                                          0x02bc03ca
                                                                                                          0x02bc03d2
                                                                                                          0x02bc03d7
                                                                                                          0x02bc03df
                                                                                                          0x02bc03ec
                                                                                                          0x02bc03f0
                                                                                                          0x02bc03f8
                                                                                                          0x02bc0400
                                                                                                          0x02bc0405
                                                                                                          0x02bc040d
                                                                                                          0x02bc0415
                                                                                                          0x02bc0422
                                                                                                          0x02bc0426
                                                                                                          0x02bc042e
                                                                                                          0x02bc0436
                                                                                                          0x02bc0442
                                                                                                          0x02bc0445
                                                                                                          0x02bc0449
                                                                                                          0x02bc0451
                                                                                                          0x02bc0459
                                                                                                          0x02bc0461
                                                                                                          0x02bc0469
                                                                                                          0x02bc0471
                                                                                                          0x02bc0479
                                                                                                          0x02bc0481
                                                                                                          0x02bc0486
                                                                                                          0x02bc048e
                                                                                                          0x02bc0496
                                                                                                          0x02bc049e
                                                                                                          0x02bc04a6
                                                                                                          0x02bc04ae
                                                                                                          0x02bc04b6
                                                                                                          0x02bc04be
                                                                                                          0x02bc04c6
                                                                                                          0x02bc04cb
                                                                                                          0x02bc04d3
                                                                                                          0x02bc04db
                                                                                                          0x02bc04e3
                                                                                                          0x02bc04eb
                                                                                                          0x02bc04f3
                                                                                                          0x02bc04fb
                                                                                                          0x02bc0503
                                                                                                          0x02bc0507
                                                                                                          0x02bc050f
                                                                                                          0x02bc0517
                                                                                                          0x02bc0524
                                                                                                          0x02bc0528
                                                                                                          0x02bc0530
                                                                                                          0x02bc0535
                                                                                                          0x02bc053d
                                                                                                          0x02bc054a
                                                                                                          0x02bc0557
                                                                                                          0x02bc0560
                                                                                                          0x02bc0564
                                                                                                          0x02bc056c
                                                                                                          0x02bc0574
                                                                                                          0x02bc057c
                                                                                                          0x02bc0584
                                                                                                          0x02bc058c
                                                                                                          0x02bc0594
                                                                                                          0x02bc0594
                                                                                                          0x02bc05a6
                                                                                                          0x02bc06c4
                                                                                                          0x00000000
                                                                                                          0x02bc05ac
                                                                                                          0x02bc05ae
                                                                                                          0x02bc069a
                                                                                                          0x02bc06ad
                                                                                                          0x02bc06b1
                                                                                                          0x02bc06b6
                                                                                                          0x02bc06b9
                                                                                                          0x02bc06bb
                                                                                                          0x02bc06bd
                                                                                                          0x00000000
                                                                                                          0x02bc06bd
                                                                                                          0x02bc05b4
                                                                                                          0x02bc05b4
                                                                                                          0x02bc05b6
                                                                                                          0x00000000
                                                                                                          0x02bc05bc
                                                                                                          0x02bc05ce
                                                                                                          0x02bc05d3
                                                                                                          0x02bc05dc
                                                                                                          0x02bc05e7
                                                                                                          0x02bc05eb
                                                                                                          0x02bc05fe
                                                                                                          0x02bc066c
                                                                                                          0x02bc0684
                                                                                                          0x02bc0689
                                                                                                          0x02bc068c
                                                                                                          0x00000000
                                                                                                          0x02bc068c
                                                                                                          0x02bc05b6
                                                                                                          0x02bc05ae
                                                                                                          0x00000000
                                                                                                          0x02bc05a6
                                                                                                          0x02bc06cf
                                                                                                          0x02bc06da
                                                                                                          0x02bc06e0
                                                                                                          0x02bc06e5
                                                                                                          0x02bc06e5
                                                                                                          0x02bc06e5
                                                                                                          0x02bc06f2
                                                                                                          0x02bc06fd

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: -$7+$A|6$D$D41$ch$iD${I
                                                                                                          • API String ID: 0-1622838380
                                                                                                          • Opcode ID: 3149e2c43cbfe894dfcc448cdcbdbe150845112c6bc451df1adbb1cc1af828c0
                                                                                                          • Instruction ID: 9e4358db6798d5e43ff9fa6643b2a431f44d7de873c4d2f8305e6bcd4d07df1c
                                                                                                          • Opcode Fuzzy Hash: 3149e2c43cbfe894dfcc448cdcbdbe150845112c6bc451df1adbb1cc1af828c0
                                                                                                          • Instruction Fuzzy Hash: 00D1FEB25083819FD368CF61C889A1BFBE1FBD5758F508A1DF69596260D3B58948CF03
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC27F9, Relevance: 10.2, Strings: 8, Instructions: 232COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02BC27F9() {
				char _v520;
				char _v1040;
				signed int _v1044;
				signed int _v1048;
				signed int _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				signed int _v1136;
				signed int _v1140;
				signed int _v1144;
				short* _t249;
				void* _t251;
				intOrPtr _t253;
				intOrPtr _t257;
				void* _t260;
				intOrPtr _t267;
				signed int _t288;
				signed int _t289;
				signed int _t290;
				signed int _t291;
				signed int* _t294;

				_t294 =  &_v1144;
				_v1076 = 0xe2454d;
				_v1076 = _v1076 << 0xe;
				_t260 = 0xa27996a;
				_v1076 = _v1076 ^ 0x9150c829;
				_v1116 = 0xb7d7ba;
				_v1116 = _v1116 >> 3;
				_v1116 = _v1116 * 0x45;
				_v1116 = _v1116 ^ 0x0637cdcd;
				_v1064 = 0x633f3;
				_t288 = 7;
				_v1064 = _v1064 / _t288;
				_v1064 = _v1064 ^ 0x000e68da;
				_v1044 = 0x68e137;
				_v1044 = _v1044 >> 8;
				_v1044 = _v1044 ^ 0x000f94d8;
				_v1104 = 0x560a82;
				_t289 = 0x4d;
				_v1104 = _v1104 * 0x12;
				_v1104 = _v1104 << 0xa;
				_v1104 = _v1104 ^ 0x32f73e43;
				_v1128 = 0x20b49c;
				_v1128 = _v1128 + 0xffff9350;
				_v1128 = _v1128 / _t289;
				_v1128 = _v1128 + 0xffff69f1;
				_v1128 = _v1128 ^ 0xfff8ef71;
				_v1144 = 0xda057e;
				_v1144 = _v1144 | 0x61d5fb11;
				_v1144 = _v1144 + 0x9b0d;
				_t290 = 0x47;
				_v1144 = _v1144 / _t290;
				_v1144 = _v1144 ^ 0x016fc7d6;
				_v1108 = 0xd954d9;
				_v1108 = _v1108 >> 3;
				_v1108 = _v1108 * 0x2a;
				_v1108 = _v1108 ^ 0x047d2f3f;
				_v1084 = 0xee9532;
				_v1084 = _v1084 | 0x01e1ea12;
				_v1084 = _v1084 * 0x5e;
				_v1084 = _v1084 ^ 0xb61982a0;
				_v1136 = 0x9da312;
				_v1136 = _v1136 * 0xb;
				_v1136 = _v1136 + 0xfaec;
				_v1136 = _v1136 << 4;
				_v1136 = _v1136 ^ 0x6c675c41;
				_v1048 = 0x5b4722;
				_v1048 = _v1048 + 0x58c6;
				_v1048 = _v1048 ^ 0x0051fe1e;
				_v1140 = 0xb81c47;
				_v1140 = _v1140 | 0xf47f3da9;
				_v1140 = _v1140 + 0xffffb1b6;
				_v1140 = _v1140 * 0x52;
				_v1140 = _v1140 ^ 0x79a8ba01;
				_v1100 = 0x4ec91e;
				_v1100 = _v1100 + 0xffff658a;
				_v1100 = _v1100 + 0xa7da;
				_v1100 = _v1100 ^ 0x004d9e7a;
				_v1056 = 0xd22e34;
				_v1056 = _v1056 * 0x39;
				_v1056 = _v1056 ^ 0x2eccf222;
				_v1092 = 0x4415ff;
				_v1092 = _v1092 << 0xc;
				_v1092 = _v1092 + 0xffffcb4f;
				_v1092 = _v1092 ^ 0x4156ca29;
				_v1112 = 0xebdea7;
				_v1112 = _v1112 + 0xffff30b5;
				_v1112 = _v1112 ^ 0x44658fef;
				_v1112 = _v1112 ^ 0x4481ff75;
				_v1132 = 0x210e2f;
				_v1132 = _v1132 + 0x4766;
				_v1132 = _v1132 >> 6;
				_t291 = 0x78;
				_v1132 = _v1132 / _t291;
				_v1132 = _v1132 ^ 0x000739d3;
				_v1072 = 0xec15b6;
				_v1072 = _v1072 + 0xf74;
				_v1072 = _v1072 ^ 0x00e11cf3;
				_v1096 = 0xda8ada;
				_v1096 = _v1096 >> 0xe;
				_v1096 = _v1096 * 0x4f;
				_v1096 = _v1096 ^ 0x00036eb4;
				_v1120 = 0x69db3;
				_v1120 = _v1120 + 0x311c;
				_v1120 = _v1120 << 2;
				_v1120 = _v1120 ^ 0x00187b2b;
				_v1068 = 0x7459e2;
				_v1068 = _v1068 >> 8;
				_v1068 = _v1068 ^ 0x000d8df4;
				_v1060 = 0x7a5957;
				_v1060 = _v1060 + 0x9cd0;
				_v1060 = _v1060 ^ 0x007b6b01;
				_v1088 = 0xc3c012;
				_v1088 = _v1088 >> 0x10;
				_v1088 = _v1088 << 5;
				_v1088 = _v1088 ^ 0x00089583;
				_v1124 = 0x7ac281;
				_v1124 = _v1124 >> 0xa;
				_v1124 = _v1124 >> 0xf;
				_v1124 = _v1124 + 0xc97f;
				_v1124 = _v1124 ^ 0x00055573;
				_v1052 = 0x890174;
				_v1052 = _v1052 + 0xa006;
				_v1052 = _v1052 ^ 0x008bc550;
				_v1080 = 0xeb1cb6;
				_v1080 = _v1080 ^ 0x4b3beb78;
				_v1080 = _v1080 >> 0x10;
				_v1080 = _v1080 ^ 0x00025049;
				while(_t260 != 0x3b56309) {
					if(_t260 == 0x7219719) {
						E02BCDC71();
						L8:
						_t260 = 0x9bc0f5a;
						continue;
					}
					if(_t260 == 0x9631a61) {
						_t249 = E02BC09DD(_v1060,  &_v1040, _v1088, _v1124);
						__eflags = 0;
						 *_t249 = 0;
						return E02BB856E( &_v1040, _v1052, _v1080);
					}
					if(_t260 == 0x9bc0f5a) {
						_push(_v1128);
						_push(_v1104);
						_push(_v1044);
						_t251 = E02BCE1F8(0x2bb1000, _v1064, __eflags);
						_t267 =  *0x2bd6214; // 0x0
						_t253 =  *0x2bd6214; // 0x0
						E02BD2D0A(_v1108, __eflags, _t253 + 0x23c, _v1084, _v1136, _v1048, _t267 + 0x34,  &_v1040, _t267 + 0x34, _t251);
						E02BCFECB(_t251, _v1140, _v1100, _v1056, _v1092);
						_t294 =  &(_t294[0xe]);
						_t260 = 0x3b56309;
						continue;
					}
					if(_t260 == 0xa27996a) {
						_t257 =  *0x2bd6214; // 0x0
						__eflags =  *((intOrPtr*)(_t257 + 0x20));
						_t260 =  !=  ? 0xb537953 : 0x7219719;
						continue;
					}
					if(_t260 != 0xb537953) {
						L13:
						__eflags = _t260 - 0xf6a818b;
						if(__eflags != 0) {
							continue;
						}
						return _t257;
					}
					_t257 = E02BBA445();
					goto L8;
				}
				E02BB1CA1(_v1112, _v1132, _v1072,  &_v520);
				E02BC654A(_v1096, _v1120, __eflags,  &_v1040, _v1068,  &_v520);
				_t294 =  &(_t294[5]);
				_t260 = 0x9631a61;
				goto L13;
			}










































                                                                                                          0x02bc27f9
                                                                                                          0x02bc27ff
                                                                                                          0x02bc2809
                                                                                                          0x02bc280e
                                                                                                          0x02bc2813
                                                                                                          0x02bc281b
                                                                                                          0x02bc2823
                                                                                                          0x02bc2831
                                                                                                          0x02bc2835
                                                                                                          0x02bc283d
                                                                                                          0x02bc284b
                                                                                                          0x02bc2850
                                                                                                          0x02bc2856
                                                                                                          0x02bc285e
                                                                                                          0x02bc2866
                                                                                                          0x02bc286b
                                                                                                          0x02bc2873
                                                                                                          0x02bc2880
                                                                                                          0x02bc2883
                                                                                                          0x02bc2887
                                                                                                          0x02bc288c
                                                                                                          0x02bc2894
                                                                                                          0x02bc289c
                                                                                                          0x02bc28ac
                                                                                                          0x02bc28b0
                                                                                                          0x02bc28b8
                                                                                                          0x02bc28c0
                                                                                                          0x02bc28c8
                                                                                                          0x02bc28d0
                                                                                                          0x02bc28dc
                                                                                                          0x02bc28df
                                                                                                          0x02bc28e3
                                                                                                          0x02bc28eb
                                                                                                          0x02bc28f3
                                                                                                          0x02bc28fd
                                                                                                          0x02bc2901
                                                                                                          0x02bc2909
                                                                                                          0x02bc2911
                                                                                                          0x02bc291e
                                                                                                          0x02bc2922
                                                                                                          0x02bc292a
                                                                                                          0x02bc2937
                                                                                                          0x02bc293b
                                                                                                          0x02bc2943
                                                                                                          0x02bc2948
                                                                                                          0x02bc2950
                                                                                                          0x02bc2958
                                                                                                          0x02bc2960
                                                                                                          0x02bc2968
                                                                                                          0x02bc2970
                                                                                                          0x02bc2978
                                                                                                          0x02bc2985
                                                                                                          0x02bc2989
                                                                                                          0x02bc2991
                                                                                                          0x02bc2999
                                                                                                          0x02bc29a1
                                                                                                          0x02bc29a9
                                                                                                          0x02bc29b1
                                                                                                          0x02bc29be
                                                                                                          0x02bc29c2
                                                                                                          0x02bc29cc
                                                                                                          0x02bc29d9
                                                                                                          0x02bc29e3
                                                                                                          0x02bc29f0
                                                                                                          0x02bc29f8
                                                                                                          0x02bc2a00
                                                                                                          0x02bc2a08
                                                                                                          0x02bc2a10
                                                                                                          0x02bc2a18
                                                                                                          0x02bc2a20
                                                                                                          0x02bc2a28
                                                                                                          0x02bc2a33
                                                                                                          0x02bc2a36
                                                                                                          0x02bc2a3a
                                                                                                          0x02bc2a42
                                                                                                          0x02bc2a4a
                                                                                                          0x02bc2a52
                                                                                                          0x02bc2a5a
                                                                                                          0x02bc2a62
                                                                                                          0x02bc2a6c
                                                                                                          0x02bc2a70
                                                                                                          0x02bc2a78
                                                                                                          0x02bc2a80
                                                                                                          0x02bc2a88
                                                                                                          0x02bc2a8d
                                                                                                          0x02bc2a95
                                                                                                          0x02bc2a9d
                                                                                                          0x02bc2aa2
                                                                                                          0x02bc2aaa
                                                                                                          0x02bc2ab2
                                                                                                          0x02bc2aba
                                                                                                          0x02bc2ac2
                                                                                                          0x02bc2aca
                                                                                                          0x02bc2acf
                                                                                                          0x02bc2ad4
                                                                                                          0x02bc2adc
                                                                                                          0x02bc2ae4
                                                                                                          0x02bc2ae9
                                                                                                          0x02bc2aee
                                                                                                          0x02bc2af6
                                                                                                          0x02bc2afe
                                                                                                          0x02bc2b06
                                                                                                          0x02bc2b0e
                                                                                                          0x02bc2b16
                                                                                                          0x02bc2b1e
                                                                                                          0x02bc2b26
                                                                                                          0x02bc2b2b
                                                                                                          0x02bc2b33
                                                                                                          0x02bc2b41
                                                                                                          0x02bc2c06
                                                                                                          0x02bc2b70
                                                                                                          0x02bc2b70
                                                                                                          0x00000000
                                                                                                          0x02bc2b70
                                                                                                          0x02bc2b4d
                                                                                                          0x02bc2c70
                                                                                                          0x02bc2c7d
                                                                                                          0x02bc2c7f
                                                                                                          0x00000000
                                                                                                          0x02bc2c8e
                                                                                                          0x02bc2b55
                                                                                                          0x02bc2b84
                                                                                                          0x02bc2b8d
                                                                                                          0x02bc2b91
                                                                                                          0x02bc2b99
                                                                                                          0x02bc2b9e
                                                                                                          0x02bc2bc3
                                                                                                          0x02bc2bd6
                                                                                                          0x02bc2bf0
                                                                                                          0x02bc2bf5
                                                                                                          0x02bc2bf8
                                                                                                          0x00000000
                                                                                                          0x02bc2bf8
                                                                                                          0x02bc2b5d
                                                                                                          0x02bc2b74
                                                                                                          0x02bc2b7b
                                                                                                          0x02bc2b7f
                                                                                                          0x00000000
                                                                                                          0x02bc2b7f
                                                                                                          0x02bc2b61
                                                                                                          0x02bc2c52
                                                                                                          0x02bc2c52
                                                                                                          0x02bc2c58
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc2c58
                                                                                                          0x02bc2b6b
                                                                                                          0x00000000
                                                                                                          0x02bc2b6b
                                                                                                          0x02bc2c24
                                                                                                          0x02bc2c45
                                                                                                          0x02bc2c4a
                                                                                                          0x02bc2c4d
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: "G[$7h$A\gl$ME$WYz$fG$x;K$Yt
                                                                                                          • API String ID: 0-2581693823
                                                                                                          • Opcode ID: 9ceeeae57d78b68bd2cbb7a517b7a146ef18b1d626c8430230fa5595c08d66b1
                                                                                                          • Instruction ID: 05c703af65b00f47f43f201fff371e0e99fa043dfea27c6271cea60b07a46b5e
                                                                                                          • Opcode Fuzzy Hash: 9ceeeae57d78b68bd2cbb7a517b7a146ef18b1d626c8430230fa5595c08d66b1
                                                                                                          • Instruction Fuzzy Hash: 3AC11CB24093419FC368CF25C58A51BBBF1FBC4758F108A6DF69696260D7B58A09CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD3263, Relevance: 10.2, Strings: 8, Instructions: 175COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02BD3263(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				void* _t171;
				void* _t188;
				void* _t198;
				void* _t200;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				void* _t233;
				void* _t238;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;

				_push(_a16);
				_t240 = _a4;
				_push(0);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t171);
				_v52 = 0x577e5f;
				_v52 = _v52 >> 2;
				_v52 = _v52 >> 2;
				_t202 = 0x5a;
				_v52 = _v52 / _t202;
				_v52 = _v52 ^ 0x00001f8d;
				_v56 = 0xc1a783;
				_v56 = _v56 | 0xd091f394;
				_t203 = 0x7d;
				_v56 = _v56 / _t203;
				_v56 = _v56 >> 0xa;
				_v56 = _v56 ^ 0x00004aea;
				_v36 = 0x5ab329;
				_v36 = _v36 | 0xfb978afd;
				_v36 = _v36 << 0xc;
				_v36 = _v36 << 5;
				_v36 = _v36 ^ 0x77fa0040;
				_v60 = 0xfb6851;
				_t204 = 0x5f;
				_v60 = _v60 / _t204;
				_v60 = _v60 + 0xffff827f;
				_v60 = _v60 + 0xffffffdf;
				_v60 = _v60 ^ 0x000cafd7;
				_v24 = 0xe59b9d;
				_v24 = _v24 + 0x8cf1;
				_v24 = _v24 << 0xd;
				_v24 = _v24 ^ 0xc51da5fe;
				_v40 = 0x4a3359;
				_v40 = _v40 + 0xb1f1;
				_v40 = _v40 ^ 0xc176e2ad;
				_v40 = _v40 << 0xb;
				_v40 = _v40 ^ 0xe0393f27;
				_v44 = 0x442ad8;
				_v44 = _v44 + 0xffffa8db;
				_v44 = _v44 ^ 0xa2d0149a;
				_v44 = _v44 | 0x2bbd0b31;
				_v44 = _v44 ^ 0xabb0f764;
				_v20 = 0x80424;
				_v20 = _v20 + 0xffff6539;
				_v20 = _v20 + 0xd5f9;
				_v20 = _v20 ^ 0x000cf2ae;
				_v48 = 0x677157;
				_v48 = _v48 + 0xec21;
				_v48 = _v48 ^ 0x036b165d;
				_t205 = 0x14;
				_v48 = _v48 / _t205;
				_v48 = _v48 ^ 0x002fc559;
				_v16 = 0xa7ae7b;
				_v16 = _v16 | 0x7198ce36;
				_v16 = _v16 << 1;
				_v16 = _v16 ^ 0xe373c07b;
				_v32 = 0xbd3d32;
				_v32 = _v32 | 0x84fa4a87;
				_v32 = _v32 * 0xf;
				_t206 = 0x34;
				_v32 = _v32 * 0x4e;
				_v32 = _v32 ^ 0xd7bdec0b;
				_v8 = 0x4158ae;
				_v8 = _v8 / _t206;
				_v8 = _v8 ^ 0x000847ec;
				_v28 = 0x8e7645;
				_v28 = _v28 + 0xffff0216;
				_v28 = _v28 + 0x7276;
				_t207 = 0x60;
				_v28 = _v28 * 0x4a;
				_v28 = _v28 ^ 0x290f0829;
				_v4 = 0x80a154;
				_v4 = _v4 ^ 0x762c831e;
				_v4 = _v4 ^ 0x76a70d93;
				_v12 = 0x206e81;
				_v12 = _v12 / _t207;
				_v12 = _v12 + 0xffffa107;
				_v12 = _v12 ^ 0xffff9c06;
				_t208 = _v60;
				_t188 = E02BD287F(_v60, _a4, _v24);
				_t198 = _t188;
				_t242 =  &(( &_v60)[7]);
				if(_t198 != 0) {
					_t233 = E02BC62C7( *((intOrPtr*)(_t198 + 0x50)), _v36, _v40, _t208, _v44, _v20, _v48, _v56 | _v52);
					_t243 =  &(_t242[6]);
					if(_t233 == 0) {
						L6:
						return _t233;
					}
					E02BCC9B0(_v16, _t233, _v32,  *((intOrPtr*)(_t198 + 0x54)),  *_t240, _v8);
					_t244 =  &(_t243[4]);
					_t238 = ( *(_t198 + 0x14) & 0x0000ffff) + 0x18 + _t198;
					_t200 = ( *(_t198 + 6) & 0x0000ffff) * 0x28 + _t238;
					while(_t238 < _t200) {
						_t196 =  <  ?  *((void*)(_t238 + 8)) :  *((intOrPtr*)(_t238 + 0x10));
						E02BCC9B0(_v28,  *((intOrPtr*)(_t238 + 0xc)) + _t233, _v4,  <  ?  *((void*)(_t238 + 8)) :  *((intOrPtr*)(_t238 + 0x10)),  *_t240 +  *((intOrPtr*)(_t238 + 0x14)), _v12);
						_t244 =  &(_t244[4]);
						_t238 = _t238 + 0x28;
					}
					goto L6;
				}
				return _t188;
			}

































                                                                                                          0x02bd3268
                                                                                                          0x02bd326c
                                                                                                          0x02bd3270
                                                                                                          0x02bd3272
                                                                                                          0x02bd3276
                                                                                                          0x02bd3277
                                                                                                          0x02bd3278
                                                                                                          0x02bd3279
                                                                                                          0x02bd327e
                                                                                                          0x02bd3288
                                                                                                          0x02bd328d
                                                                                                          0x02bd3298
                                                                                                          0x02bd329d
                                                                                                          0x02bd32a3
                                                                                                          0x02bd32ab
                                                                                                          0x02bd32b3
                                                                                                          0x02bd32bf
                                                                                                          0x02bd32c4
                                                                                                          0x02bd32ca
                                                                                                          0x02bd32cf
                                                                                                          0x02bd32d7
                                                                                                          0x02bd32df
                                                                                                          0x02bd32e7
                                                                                                          0x02bd32ec
                                                                                                          0x02bd32f1
                                                                                                          0x02bd32f9
                                                                                                          0x02bd3305
                                                                                                          0x02bd330a
                                                                                                          0x02bd3310
                                                                                                          0x02bd3318
                                                                                                          0x02bd331d
                                                                                                          0x02bd3325
                                                                                                          0x02bd332d
                                                                                                          0x02bd3335
                                                                                                          0x02bd333a
                                                                                                          0x02bd3342
                                                                                                          0x02bd334a
                                                                                                          0x02bd3352
                                                                                                          0x02bd335a
                                                                                                          0x02bd335f
                                                                                                          0x02bd3367
                                                                                                          0x02bd336f
                                                                                                          0x02bd3377
                                                                                                          0x02bd337f
                                                                                                          0x02bd3387
                                                                                                          0x02bd338f
                                                                                                          0x02bd3397
                                                                                                          0x02bd339f
                                                                                                          0x02bd33a7
                                                                                                          0x02bd33af
                                                                                                          0x02bd33b7
                                                                                                          0x02bd33bf
                                                                                                          0x02bd33cb
                                                                                                          0x02bd33ce
                                                                                                          0x02bd33d2
                                                                                                          0x02bd33da
                                                                                                          0x02bd33e2
                                                                                                          0x02bd33ea
                                                                                                          0x02bd33ee
                                                                                                          0x02bd33f6
                                                                                                          0x02bd33fe
                                                                                                          0x02bd340b
                                                                                                          0x02bd3418
                                                                                                          0x02bd341b
                                                                                                          0x02bd341f
                                                                                                          0x02bd3427
                                                                                                          0x02bd3437
                                                                                                          0x02bd343b
                                                                                                          0x02bd3443
                                                                                                          0x02bd344b
                                                                                                          0x02bd3453
                                                                                                          0x02bd3460
                                                                                                          0x02bd3461
                                                                                                          0x02bd3465
                                                                                                          0x02bd346d
                                                                                                          0x02bd3475
                                                                                                          0x02bd347d
                                                                                                          0x02bd3485
                                                                                                          0x02bd3495
                                                                                                          0x02bd3499
                                                                                                          0x02bd34a1
                                                                                                          0x02bd34ad
                                                                                                          0x02bd34b1
                                                                                                          0x02bd34b6
                                                                                                          0x02bd34b8
                                                                                                          0x02bd34bd
                                                                                                          0x02bd34ea
                                                                                                          0x02bd34ec
                                                                                                          0x02bd34f1
                                                                                                          0x02bd3557
                                                                                                          0x00000000
                                                                                                          0x02bd3559
                                                                                                          0x02bd3508
                                                                                                          0x02bd3511
                                                                                                          0x02bd351b
                                                                                                          0x02bd3520
                                                                                                          0x02bd3552
                                                                                                          0x02bd353a
                                                                                                          0x02bd3547
                                                                                                          0x02bd354c
                                                                                                          0x02bd354f
                                                                                                          0x02bd354f
                                                                                                          0x00000000
                                                                                                          0x02bd3556
                                                                                                          0x02bd355f

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !$$P$'?9$@$Wqg$_~W$vr$J
                                                                                                          • API String ID: 0-3966742547
                                                                                                          • Opcode ID: fef6665b2dcae0e8f76fd5e1b4eb73354bf8a0be14dccf9d357c285fbdd5a555
                                                                                                          • Instruction ID: 872fcd4ba6e63ba4d9aca09c203992b6f8efd11d75b7be50d6f1953e075de30a
                                                                                                          • Opcode Fuzzy Hash: fef6665b2dcae0e8f76fd5e1b4eb73354bf8a0be14dccf9d357c285fbdd5a555
                                                                                                          • Instruction Fuzzy Hash: 84813072508340AFC358CF66C88981BBBF2FBC5758F10991DF99986260D3B6D945CF06
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD17BD, Relevance: 9.1, Strings: 7, Instructions: 356COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02BD17BD(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				char _v520;
				char _v1040;
				char _v1560;
				intOrPtr _v1564;
				intOrPtr _v1568;
				intOrPtr _v1572;
				intOrPtr _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				void* _t369;
				void* _t397;
				intOrPtr _t400;
				intOrPtr _t402;
				void* _t412;
				intOrPtr _t415;
				intOrPtr _t419;
				void* _t425;
				intOrPtr _t462;
				signed int _t463;
				signed int _t464;
				signed int _t465;
				signed int _t466;
				signed int _t467;
				signed int _t468;
				signed int _t469;
				signed int _t470;
				signed int* _t475;

				_push(_a8);
				_t462 = 0;
				_push(_a4);
				_push(0);
				_push(__ecx);
				E02BCFE29(_t369);
				_v1576 = 0x13bb59;
				_t475 =  &(( &_v1728)[4]);
				_v1572 = 0x74d317;
				_v1568 = 0x8520ae;
				_t425 = 0xbbc45e7;
				_v1564 = 0;
				_v1636 = 0xff081c;
				_v1636 = _v1636 + 0xffff5aa8;
				_v1636 = _v1636 | 0xdf687e40;
				_v1636 = _v1636 ^ 0xdffe7eed;
				_v1592 = 0x1eb670;
				_t463 = 3;
				_v1592 = _v1592 / _t463;
				_v1592 = _v1592 ^ 0x000911f1;
				_v1588 = 0xd7f028;
				_v1588 = _v1588 + 0x99cf;
				_v1588 = _v1588 ^ 0x00d6a0ad;
				_v1668 = 0xda1be6;
				_v1668 = _v1668 >> 0xa;
				_v1668 = _v1668 + 0xb82c;
				_v1668 = _v1668 + 0xffff3cb9;
				_v1668 = _v1668 ^ 0x000447cb;
				_v1700 = 0x2ba1ed;
				_v1700 = _v1700 << 6;
				_v1700 = _v1700 + 0xffff6a87;
				_v1700 = _v1700 >> 0xf;
				_v1700 = _v1700 ^ 0x000ca1a2;
				_v1600 = 0xfc0906;
				_v1600 = _v1600 >> 0xe;
				_v1600 = _v1600 ^ 0x000a9240;
				_v1692 = 0xcdddf3;
				_v1692 = _v1692 | 0x4624ceaf;
				_v1692 = _v1692 >> 0xc;
				_v1692 = _v1692 | 0xae0b3fef;
				_v1692 = _v1692 ^ 0xae09d891;
				_v1652 = 0xd6e5ef;
				_v1652 = _v1652 + 0xffffecd6;
				_t464 = 0x1f;
				_v1652 = _v1652 * 0x1b;
				_v1652 = _v1652 ^ 0x16a7acad;
				_v1724 = 0x640b42;
				_v1724 = _v1724 + 0x7af0;
				_v1724 = _v1724 + 0xd7a0;
				_v1724 = _v1724 / _t464;
				_v1724 = _v1724 ^ 0x00003baa;
				_v1644 = 0x5d7e02;
				_v1644 = _v1644 ^ 0x280f1fa3;
				_v1644 = _v1644 | 0x80dcb776;
				_v1644 = _v1644 ^ 0xa8d7b48e;
				_v1612 = 0x310401;
				_v1612 = _v1612 << 0xc;
				_v1612 = _v1612 ^ 0x10456323;
				_v1708 = 0xec7d3e;
				_v1708 = _v1708 + 0xffff4756;
				_t465 = 0x19;
				_v1708 = _v1708 / _t465;
				_v1708 = _v1708 * 0x78;
				_v1708 = _v1708 ^ 0x04625198;
				_v1676 = 0xc1499c;
				_v1676 = _v1676 + 0x787f;
				_v1676 = _v1676 >> 7;
				_v1676 = _v1676 >> 0xd;
				_v1676 = _v1676 ^ 0x0006bbad;
				_v1620 = 0xc8864f;
				_v1620 = _v1620 + 0xdb64;
				_t466 = 0x71;
				_v1620 = _v1620 / _t466;
				_v1620 = _v1620 ^ 0x00054ec4;
				_v1716 = 0x58bfc6;
				_v1716 = _v1716 << 0xc;
				_v1716 = _v1716 << 6;
				_v1716 = _v1716 >> 0xa;
				_v1716 = _v1716 ^ 0x00309503;
				_v1584 = 0x2a66b4;
				_t467 = 0x6c;
				_v1584 = _v1584 * 0x62;
				_v1584 = _v1584 ^ 0x103c6d70;
				_v1628 = 0xcd0e9a;
				_v1628 = _v1628 + 0xffff6b98;
				_v1628 = _v1628 + 0xffffdc7c;
				_v1628 = _v1628 ^ 0x00cd4883;
				_v1684 = 0x7bfe73;
				_v1684 = _v1684 >> 5;
				_v1684 = _v1684 << 7;
				_v1684 = _v1684 * 0x31;
				_v1684 = _v1684 ^ 0x5ee8daf9;
				_v1660 = 0x1f1c01;
				_v1660 = _v1660 >> 4;
				_v1660 = _v1660 / _t467;
				_v1660 = _v1660 ^ 0x000ccbd2;
				_v1720 = 0x840fb2;
				_v1720 = _v1720 | 0xa69eff81;
				_v1720 = _v1720 << 0xe;
				_v1720 = _v1720 + 0xffff3037;
				_v1720 = _v1720 ^ 0xbfecb97e;
				_v1656 = 0xd8a297;
				_v1656 = _v1656 + 0x41c1;
				_v1656 = _v1656 ^ 0x1d9d441b;
				_v1656 = _v1656 ^ 0x1d437da6;
				_v1580 = 0xe77586;
				_v1580 = _v1580 + 0xfffff7e8;
				_v1580 = _v1580 ^ 0x00e53b2f;
				_v1728 = 0x20c0e;
				_v1728 = _v1728 + 0x594f;
				_t468 = 0x79;
				_v1728 = _v1728 / _t468;
				_v1728 = _v1728 ^ 0x017ec3a2;
				_v1728 = _v1728 ^ 0x01734834;
				_v1712 = 0x467deb;
				_v1712 = _v1712 | 0xfb06902d;
				_v1712 = _v1712 << 0xd;
				_v1712 = _v1712 << 0xb;
				_v1712 = _v1712 ^ 0xef0dc14e;
				_v1632 = 0xa85c1c;
				_v1632 = _v1632 << 3;
				_v1632 = _v1632 << 4;
				_v1632 = _v1632 ^ 0x54293107;
				_v1596 = 0x697bfe;
				_v1596 = _v1596 | 0x748d72c7;
				_v1596 = _v1596 ^ 0x74e3de32;
				_v1640 = 0x724245;
				_t222 =  &_v1640; // 0x724245
				_v1640 =  *_t222 * 0x4c;
				_t224 =  &_v1640; // 0x724245
				_v1640 =  *_t224 * 0x26;
				_v1640 = _v1640 ^ 0x08f66fe6;
				_v1648 = 0xa241b2;
				_v1648 = _v1648 >> 4;
				_v1648 = _v1648 << 0xe;
				_v1648 = _v1648 ^ 0x890355d2;
				_v1604 = 0x4e61c6;
				_v1604 = _v1604 | 0x297abf50;
				_v1604 = _v1604 ^ 0x29742082;
				_v1608 = 0xdfdd08;
				_v1608 = _v1608 | 0x096e656f;
				_v1608 = _v1608 ^ 0x09fe8e74;
				_v1624 = 0x7e1789;
				_v1624 = _v1624 + 0xd6ac;
				_v1624 = _v1624 + 0xffff1ac7;
				_v1624 = _v1624 ^ 0x007fce14;
				_v1688 = 0xd4150c;
				_v1688 = _v1688 << 3;
				_v1688 = _v1688 ^ 0x561d7592;
				_v1688 = _v1688 >> 0xa;
				_v1688 = _v1688 ^ 0x001f305a;
				_v1696 = 0x3e923d;
				_v1696 = _v1696 ^ 0x624df4c6;
				_t469 = 0x29;
				_v1696 = _v1696 / _t469;
				_v1696 = _v1696 + 0xffffe680;
				_v1696 = _v1696 ^ 0x026755ff;
				_v1704 = 0xed73af;
				_t470 = 0x36;
				_v1704 = _v1704 / _t470;
				_v1704 = _v1704 * 0x76;
				_v1704 = _v1704 >> 3;
				_v1704 = _v1704 ^ 0x0041c6e0;
				_v1664 = 0xe0489c;
				_v1664 = _v1664 * 0x4e;
				_v1664 = _v1664 * 0x21;
				_v1664 = _v1664 << 0xf;
				_v1664 = _v1664 ^ 0x084e6c7b;
				_v1672 = 0xcef4bd;
				_v1672 = _v1672 * 0x4b;
				_v1672 = _v1672 + 0xffff3dcb;
				_v1672 = _v1672 << 0x10;
				_v1672 = _v1672 ^ 0xf1249f73;
				_v1680 = 0x187dc5;
				_v1680 = _v1680 | 0x94fddf65;
				_v1680 = _v1680 << 1;
				_v1680 = _v1680 ^ 0x244f0190;
				_v1680 = _v1680 ^ 0x0db75cb9;
				_v1616 = 0xe6e563;
				_v1616 = _v1616 ^ 0xa5d4beb7;
				_v1616 = _v1616 + 0xffffcebd;
				_v1616 = _v1616 ^ 0xa53dba5b;
				do {
					while(_t425 != 0x6a96cc9) {
						if(_t425 == 0xabcd6f9) {
							_push(_t425);
							__eflags = E02BC85FF(_v1664, _v1672, __eflags, _t462,  &_v520, _t462, _v1680, _t462, _v1616);
							_t462 =  !=  ? 1 : _t462;
						} else {
							if(_t425 == 0xbbc45e7) {
								E02BB1A34(_v1592,  &_v1040, _t425, _t425, _v1588, _v1668, _v1700, _t425, _v1636, _v1600);
								_t475 =  &(_t475[8]);
								_t425 = 0xe9b1f6b;
								continue;
							} else {
								_t482 = _t425 - 0xe9b1f6b;
								if(_t425 != 0xe9b1f6b) {
									goto L8;
								} else {
									_push(_v1644);
									_push(_v1724);
									_push(_v1652);
									_t412 = E02BCE1F8(0x2bb1030, _v1692, _t482);
									E02BB7078( &_v1560, _t482);
									_t415 =  *0x2bd6214; // 0x0
									_t419 =  *0x2bd6214; // 0x0
									E02BBF96F(_v1612, _t482, _t419 + 0x34, _t412,  &_v1560, _v1708,  &_v520, _t415 + 0x23c, _v1676, _v1620, _v1716,  &_v1040);
									E02BCFECB(_t412, _v1584, _v1628, _v1684, _v1660);
									_t475 =  &(_t475[0x10]);
									_t425 = 0xabcd6f9;
									continue;
								}
							}
						}
						L11:
						return _t462;
					}
					_push(_v1728);
					_t346 =  &_v1580; // 0xe53b2f
					_push( *_t346);
					_push(_v1656);
					_t397 = E02BCE1F8(0x2bb10f0, _v1720, __eflags);
					E02BB7078( &_v1560, __eflags);
					_t400 =  *0x2bd6214; // 0x0
					_t402 =  *0x2bd6214; // 0x0
					__eflags = _t402 + 0x23c;
					E02BBBF5F(_v1712, _t402 + 0x23c, _v1632,  &_v1560, _v1596,  &_v520, _v1640,  &_v1040, _t402 + 0x23c, _v1648, _t400 + 0x34, _v1604, _v1608,  &_v1560, _t462);
					E02BCFECB(_t397, _v1624, _v1688, _v1696, _v1704);
					_t475 =  &(_t475[0x13]);
					_t425 = 0xabcd6f9;
					L8:
					__eflags = _t425 - 0xcc0d361;
				} while (__eflags != 0);
				goto L11;
			}


































































                                                                                                          0x02bd17c7
                                                                                                          0x02bd17ce
                                                                                                          0x02bd17d0
                                                                                                          0x02bd17d7
                                                                                                          0x02bd17d8
                                                                                                          0x02bd17d9
                                                                                                          0x02bd17de
                                                                                                          0x02bd17e9
                                                                                                          0x02bd17ec
                                                                                                          0x02bd17f9
                                                                                                          0x02bd1804
                                                                                                          0x02bd1809
                                                                                                          0x02bd1810
                                                                                                          0x02bd1818
                                                                                                          0x02bd1820
                                                                                                          0x02bd1828
                                                                                                          0x02bd1830
                                                                                                          0x02bd1844
                                                                                                          0x02bd1849
                                                                                                          0x02bd1852
                                                                                                          0x02bd185d
                                                                                                          0x02bd1868
                                                                                                          0x02bd1873
                                                                                                          0x02bd187e
                                                                                                          0x02bd1886
                                                                                                          0x02bd188b
                                                                                                          0x02bd1893
                                                                                                          0x02bd189b
                                                                                                          0x02bd18a3
                                                                                                          0x02bd18ab
                                                                                                          0x02bd18b0
                                                                                                          0x02bd18b8
                                                                                                          0x02bd18bd
                                                                                                          0x02bd18c5
                                                                                                          0x02bd18d0
                                                                                                          0x02bd18d8
                                                                                                          0x02bd18e3
                                                                                                          0x02bd18eb
                                                                                                          0x02bd18f3
                                                                                                          0x02bd18f8
                                                                                                          0x02bd1900
                                                                                                          0x02bd1908
                                                                                                          0x02bd1910
                                                                                                          0x02bd191d
                                                                                                          0x02bd1920
                                                                                                          0x02bd1924
                                                                                                          0x02bd192c
                                                                                                          0x02bd1934
                                                                                                          0x02bd193c
                                                                                                          0x02bd194c
                                                                                                          0x02bd1950
                                                                                                          0x02bd1958
                                                                                                          0x02bd1960
                                                                                                          0x02bd1968
                                                                                                          0x02bd1970
                                                                                                          0x02bd1978
                                                                                                          0x02bd1983
                                                                                                          0x02bd198b
                                                                                                          0x02bd1996
                                                                                                          0x02bd199e
                                                                                                          0x02bd19aa
                                                                                                          0x02bd19ad
                                                                                                          0x02bd19b6
                                                                                                          0x02bd19ba
                                                                                                          0x02bd19c4
                                                                                                          0x02bd19cc
                                                                                                          0x02bd19d4
                                                                                                          0x02bd19d9
                                                                                                          0x02bd19de
                                                                                                          0x02bd19e6
                                                                                                          0x02bd19ee
                                                                                                          0x02bd19fc
                                                                                                          0x02bd1a01
                                                                                                          0x02bd1a0a
                                                                                                          0x02bd1a15
                                                                                                          0x02bd1a1d
                                                                                                          0x02bd1a22
                                                                                                          0x02bd1a27
                                                                                                          0x02bd1a2c
                                                                                                          0x02bd1a34
                                                                                                          0x02bd1a47
                                                                                                          0x02bd1a4a
                                                                                                          0x02bd1a51
                                                                                                          0x02bd1a5c
                                                                                                          0x02bd1a64
                                                                                                          0x02bd1a6c
                                                                                                          0x02bd1a74
                                                                                                          0x02bd1a7c
                                                                                                          0x02bd1a84
                                                                                                          0x02bd1a89
                                                                                                          0x02bd1a93
                                                                                                          0x02bd1a97
                                                                                                          0x02bd1a9f
                                                                                                          0x02bd1aa7
                                                                                                          0x02bd1ab4
                                                                                                          0x02bd1ab8
                                                                                                          0x02bd1ac0
                                                                                                          0x02bd1ac8
                                                                                                          0x02bd1ad0
                                                                                                          0x02bd1ad5
                                                                                                          0x02bd1add
                                                                                                          0x02bd1ae5
                                                                                                          0x02bd1aed
                                                                                                          0x02bd1af5
                                                                                                          0x02bd1afd
                                                                                                          0x02bd1b05
                                                                                                          0x02bd1b10
                                                                                                          0x02bd1b1b
                                                                                                          0x02bd1b26
                                                                                                          0x02bd1b2e
                                                                                                          0x02bd1b3a
                                                                                                          0x02bd1b3d
                                                                                                          0x02bd1b41
                                                                                                          0x02bd1b49
                                                                                                          0x02bd1b51
                                                                                                          0x02bd1b59
                                                                                                          0x02bd1b61
                                                                                                          0x02bd1b66
                                                                                                          0x02bd1b6b
                                                                                                          0x02bd1b73
                                                                                                          0x02bd1b7b
                                                                                                          0x02bd1b80
                                                                                                          0x02bd1b85
                                                                                                          0x02bd1b8d
                                                                                                          0x02bd1b98
                                                                                                          0x02bd1ba3
                                                                                                          0x02bd1bae
                                                                                                          0x02bd1bb6
                                                                                                          0x02bd1bbb
                                                                                                          0x02bd1bbf
                                                                                                          0x02bd1bc4
                                                                                                          0x02bd1bca
                                                                                                          0x02bd1bd7
                                                                                                          0x02bd1be4
                                                                                                          0x02bd1be9
                                                                                                          0x02bd1bee
                                                                                                          0x02bd1bf6
                                                                                                          0x02bd1c01
                                                                                                          0x02bd1c0c
                                                                                                          0x02bd1c17
                                                                                                          0x02bd1c22
                                                                                                          0x02bd1c2d
                                                                                                          0x02bd1c38
                                                                                                          0x02bd1c40
                                                                                                          0x02bd1c48
                                                                                                          0x02bd1c50
                                                                                                          0x02bd1c58
                                                                                                          0x02bd1c60
                                                                                                          0x02bd1c65
                                                                                                          0x02bd1c6d
                                                                                                          0x02bd1c72
                                                                                                          0x02bd1c7a
                                                                                                          0x02bd1c82
                                                                                                          0x02bd1c90
                                                                                                          0x02bd1c95
                                                                                                          0x02bd1c9b
                                                                                                          0x02bd1ca3
                                                                                                          0x02bd1cab
                                                                                                          0x02bd1cb7
                                                                                                          0x02bd1cba
                                                                                                          0x02bd1cc3
                                                                                                          0x02bd1cc7
                                                                                                          0x02bd1ccc
                                                                                                          0x02bd1cd4
                                                                                                          0x02bd1ce1
                                                                                                          0x02bd1cea
                                                                                                          0x02bd1cee
                                                                                                          0x02bd1cf3
                                                                                                          0x02bd1cfb
                                                                                                          0x02bd1d08
                                                                                                          0x02bd1d0c
                                                                                                          0x02bd1d14
                                                                                                          0x02bd1d19
                                                                                                          0x02bd1d21
                                                                                                          0x02bd1d29
                                                                                                          0x02bd1d31
                                                                                                          0x02bd1d35
                                                                                                          0x02bd1d3d
                                                                                                          0x02bd1d45
                                                                                                          0x02bd1d50
                                                                                                          0x02bd1d5b
                                                                                                          0x02bd1d66
                                                                                                          0x02bd1d71
                                                                                                          0x02bd1d71
                                                                                                          0x02bd1d7f
                                                                                                          0x02bd1f31
                                                                                                          0x02bd1f5b
                                                                                                          0x02bd1f5d
                                                                                                          0x02bd1d85
                                                                                                          0x02bd1d8b
                                                                                                          0x02bd1e67
                                                                                                          0x02bd1e6c
                                                                                                          0x02bd1e6f
                                                                                                          0x00000000
                                                                                                          0x02bd1d91
                                                                                                          0x02bd1d91
                                                                                                          0x02bd1d93
                                                                                                          0x00000000
                                                                                                          0x02bd1d99
                                                                                                          0x02bd1d99
                                                                                                          0x02bd1da2
                                                                                                          0x02bd1da6
                                                                                                          0x02bd1dae
                                                                                                          0x02bd1dbc
                                                                                                          0x02bd1ddd
                                                                                                          0x02bd1e03
                                                                                                          0x02bd1e0d
                                                                                                          0x02bd1e2d
                                                                                                          0x02bd1e32
                                                                                                          0x02bd1e35
                                                                                                          0x00000000
                                                                                                          0x02bd1e35
                                                                                                          0x02bd1d93
                                                                                                          0x02bd1d8b
                                                                                                          0x02bd1f60
                                                                                                          0x02bd1f6c
                                                                                                          0x02bd1f6c
                                                                                                          0x02bd1e76
                                                                                                          0x02bd1e7f
                                                                                                          0x02bd1e7f
                                                                                                          0x02bd1e86
                                                                                                          0x02bd1e8e
                                                                                                          0x02bd1e9f
                                                                                                          0x02bd1ebb
                                                                                                          0x02bd1ec8
                                                                                                          0x02bd1ecd
                                                                                                          0x02bd1eff
                                                                                                          0x02bd1f19
                                                                                                          0x02bd1f1e
                                                                                                          0x02bd1f21
                                                                                                          0x02bd1f23
                                                                                                          0x02bd1f23
                                                                                                          0x02bd1f23
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: /;$>}$EBr$OY$c$oen$}F
                                                                                                          • API String ID: 0-419207597
                                                                                                          • Opcode ID: 59d705973bce390153155cba40ddcada941ebc0cd10d2242d232da774a81386b
                                                                                                          • Instruction ID: 7e803a73e3a777ae520d18b3871ddac3de0cbbd8ccf22376934d01174872b01e
                                                                                                          • Opcode Fuzzy Hash: 59d705973bce390153155cba40ddcada941ebc0cd10d2242d232da774a81386b
                                                                                                          • Instruction Fuzzy Hash: EB0212B15083809FD365CF25C889A9FBBE6FBC4358F108A1DE1DA96260D7B58949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB77A3, Relevance: 9.1, Strings: 7, Instructions: 330COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02BB77A3(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				void* _t314;
				signed int _t352;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t370;
				signed int* _t401;
				signed int* _t405;
				void* _t407;

				_t402 = _a12;
				_push(_a12);
				_push(_a8);
				_t401 = __ecx;
				_push(_a4);
				_push(__ecx);
				E02BCFE29(_t314);
				_v100 = 0xaefbe1;
				_t405 =  &(( &_v192)[5]);
				_v100 = _v100 + 0x6b82;
				_t370 = 0xc5526f;
				_t362 = 0x2b;
				_v100 = _v100 / _t362;
				_v100 = _v100 ^ 0x00041443;
				_v80 = 0x1d3414;
				_v80 = _v80 + 0xffffdb02;
				_v80 = _v80 ^ 0x0011ba60;
				_v72 = 0x54a5f8;
				_v72 = _v72 >> 0x10;
				_v72 = _v72 ^ 0x000d0ae3;
				_v136 = 0x274773;
				_t26 =  &_v136; // 0x274773
				_t363 = 0x1a;
				_v136 =  *_t26 * 0x4d;
				_v136 = _v136 + 0xffff9993;
				_v136 = _v136 ^ 0x0bd1637a;
				_v88 = 0xd58b4c;
				_v88 = _v88 + 0xffff1506;
				_v88 = _v88 ^ 0x00d01948;
				_v92 = 0x5e6930;
				_t38 =  &_v92; // 0x5e6930
				_v92 =  *_t38;
				_v92 = _v92 ^ 0x00540f59;
				_v116 = 0x40a51;
				_v116 = _v116 | 0x5ce3fa4e;
				_v116 = _v116 >> 2;
				_v116 = _v116 ^ 0x1737f89e;
				_v108 = 0x7d5bec;
				_v108 = _v108 | 0x0f0c5889;
				_v108 = _v108 + 0xbcf5;
				_v108 = _v108 ^ 0x0f7d2458;
				_v164 = 0x3d5dd8;
				_v164 = _v164 ^ 0x644c870b;
				_v164 = _v164 >> 0xd;
				_v164 = _v164 * 0x7a;
				_v164 = _v164 ^ 0x017eec74;
				_v180 = 0x53df1b;
				_v180 = _v180 / _t363;
				_v180 = _v180 + 0xffff91ff;
				_v180 = _v180 + 0xffff90b6;
				_v180 = _v180 ^ 0x000d2df2;
				_v76 = 0x6cb33c;
				_v76 = _v76 + 0x7c19;
				_v76 = _v76 ^ 0x0065748e;
				_v160 = 0xaee8e0;
				_t364 = 0x3e;
				_v160 = _v160 / _t364;
				_v160 = _v160 + 0x21f3;
				_v160 = _v160 * 0x52;
				_v160 = _v160 ^ 0x00ffda9d;
				_v84 = 0xdaab99;
				_v84 = _v84 >> 0xc;
				_v84 = _v84 ^ 0x000be4ff;
				_v144 = 0x6cc9e4;
				_v144 = _v144 >> 5;
				_v144 = _v144 ^ 0xa5290d0e;
				_v144 = _v144 ^ 0xa52e4d3d;
				_v120 = 0x3bbeb9;
				_v120 = _v120 ^ 0x393aef05;
				_v120 = _v120 + 0x22c7;
				_v120 = _v120 ^ 0x39070acc;
				_v148 = 0xc13163;
				_v148 = _v148 ^ 0x61e09c7e;
				_v148 = _v148 + 0x1cd6;
				_v148 = _v148 ^ 0x612c2d34;
				_v128 = 0x26c56f;
				_v128 = _v128 >> 2;
				_v128 = _v128 | 0xf6250b40;
				_v128 = _v128 ^ 0xf621b77e;
				_v176 = 0xf92ffc;
				_v176 = _v176 << 4;
				_v176 = _v176 ^ 0x602a8fe3;
				_v176 = _v176 >> 7;
				_v176 = _v176 ^ 0x00d9f38d;
				_v124 = 0x433c84;
				_v124 = _v124 + 0xffff4128;
				_v124 = _v124 ^ 0x1ed7562a;
				_v124 = _v124 ^ 0x1e92a094;
				_v132 = 0x6b8ec6;
				_v132 = _v132 ^ 0x28d18ae0;
				_t365 = 0x6a;
				_v132 = _v132 * 0x7b;
				_v132 = _v132 ^ 0x9158c057;
				_v104 = 0x1fefeb;
				_v104 = _v104 >> 0xf;
				_v104 = _v104 + 0xffff5efe;
				_v104 = _v104 ^ 0xfff4cbde;
				_v168 = 0xc1bc7b;
				_v168 = _v168 >> 3;
				_v168 = _v168 << 7;
				_v168 = _v168 * 0x7d;
				_v168 = _v168 ^ 0xe998ae80;
				_v64 = 0x9d5223;
				_v64 = _v64 | 0x29ada36c;
				_v64 = _v64 ^ 0x29b66376;
				_v184 = 0x42d2c5;
				_v184 = _v184 + 0xffffd8f9;
				_v184 = _v184 | 0x10a03a14;
				_v184 = _v184 << 8;
				_v184 = _v184 ^ 0xe2b073c1;
				_v192 = 0xa502eb;
				_v192 = _v192 ^ 0xb81d0436;
				_v192 = _v192 >> 0xd;
				_v192 = _v192 / _t365;
				_v192 = _v192 ^ 0x000463de;
				_v172 = 0x9c405d;
				_v172 = _v172 >> 6;
				_v172 = _v172 ^ 0x75940441;
				_v172 = _v172 + 0xd268;
				_v172 = _v172 ^ 0x759b0547;
				_v156 = 0x9f3fdd;
				_v156 = _v156 >> 3;
				_v156 = _v156 << 9;
				_v156 = _v156 >> 0xd;
				_v156 = _v156 ^ 0x000ada21;
				_v188 = 0xfbaf85;
				_v188 = _v188 | 0xf8737d3a;
				_t366 = 0x3c;
				_v188 = _v188 / _t366;
				_v188 = _v188 ^ 0x0422aead;
				_v112 = 0x7705bd;
				_v112 = _v112 | 0xb4ba0e14;
				_v112 = _v112 * 0x43;
				_v112 = _v112 ^ 0x5ec93514;
				_v96 = 0xe3e42a;
				_v96 = _v96 ^ 0x25c7ee45;
				_v96 = _v96 ^ 0x252c54ca;
				_v68 = 0xae646d;
				_v68 = _v68 + 0xcc0;
				_v68 = _v68 ^ 0x00a4113a;
				_v140 = 0x4c7529;
				_t367 = 0x73;
				_v140 = _v140 / _t367;
				_v140 = _v140 | 0x6ffaa740;
				_v140 = _v140 ^ 0x6ff9ac12;
				_v152 = 0xafca7f;
				_v152 = _v152 + 0xfffffd29;
				_v152 = _v152 + 0xad57;
				_v152 = _v152 + 0x26e2;
				_v152 = _v152 ^ 0x00ba4152;
				goto L1;
				do {
					while(1) {
						L1:
						_t407 = _t370 - 0x696b508;
						if(_t407 > 0) {
							break;
						}
						if(_t407 == 0) {
							_t401[1] = E02BBF369(_t402);
							_t370 = 0x4c1a8a5;
							continue;
						} else {
							if(_t370 == 0xc5526f) {
								_t370 = 0x696b508;
								 *_t401 =  *_t401 & 0x00000000;
								_t401[1] = _v100;
								continue;
							} else {
								if(_t370 == 0x1aa419f) {
									E02BC0A90(_v64, _v184, _v192,  &_v60, _v172,  *((intOrPtr*)(_t402 + 0xc)));
									_t405 =  &(_t405[4]);
									_t370 = 0x68c33a9;
									continue;
								} else {
									if(_t370 == 0x4c1a8a5) {
										_push(_t370);
										_push(_t370);
										_t352 = E02BBC5D8(_t401[1]);
										_t405 =  &(_t405[3]);
										 *_t401 = _t352;
										__eflags = _t352;
										if(__eflags != 0) {
											_t370 = 0x8344534;
											continue;
										}
									} else {
										if(_t370 == 0x642ef10) {
											E02BCCAD5(_v108, _v164, __eflags, _v180, _t402 + 0x4c,  &_v60);
											_t405 =  &(_t405[3]);
											_t370 = 0x7d262d1;
											continue;
										} else {
											if(_t370 != 0x68c33a9) {
												goto L25;
											} else {
												E02BC0A90(_v156, _v188, _v112,  &_v60, _v96,  *((intOrPtr*)(_t402 + 8)));
												_t405 =  &(_t405[4]);
												_t370 = 0x6a3d126;
												continue;
											}
										}
									}
								}
							}
						}
						goto L26;
					}
					__eflags = _t370 - 0x6a3d126;
					if(__eflags == 0) {
						E02BCCAD5(_v68, _v140, __eflags, _v152, _t402 + 0x2c,  &_v60);
						_t405 =  &(_t405[3]);
						_t370 = 0x2431b15;
						goto L25;
					} else {
						__eflags = _t370 - 0x7d262d1;
						if(_t370 == 0x7d262d1) {
							E02BC0A90(_v76, _v160, _v84,  &_v60, _v144,  *((intOrPtr*)(_t402 + 0x58)));
							_t405 =  &(_t405[4]);
							_t370 = 0xabb5672;
							goto L1;
						} else {
							__eflags = _t370 - 0x8344534;
							if(_t370 == 0x8344534) {
								E02BB22A6(_t401, _v92,  &_v60, _v116);
								_t405 =  &(_t405[2]);
								_t370 = 0x642ef10;
								goto L1;
							} else {
								__eflags = _t370 - 0x94f1f5a;
								if(_t370 == 0x94f1f5a) {
									E02BC0A90(_v124, _v132, _v104,  &_v60, _v168,  *((intOrPtr*)(_t402 + 0x38)));
									_t405 =  &(_t405[4]);
									_t370 = 0x1aa419f;
									goto L1;
								} else {
									__eflags = _t370 - 0xabb5672;
									if(_t370 != 0xabb5672) {
										goto L25;
									} else {
										E02BC0A90(_v120, _v148, _v128,  &_v60, _v176,  *((intOrPtr*)(_t402 + 0x10)));
										_t405 =  &(_t405[4]);
										_t370 = 0x94f1f5a;
										goto L1;
									}
								}
							}
						}
					}
					break;
					L25:
					__eflags = _t370 - 0x2431b15;
				} while (__eflags != 0);
				L26:
				__eflags =  *_t401;
				_t313 =  *_t401 != 0;
				__eflags = _t313;
				return 0 | _t313;
			}

















































                                                                                                          0x02bb77ac
                                                                                                          0x02bb77b4
                                                                                                          0x02bb77b5
                                                                                                          0x02bb77bc
                                                                                                          0x02bb77be
                                                                                                          0x02bb77c6
                                                                                                          0x02bb77c7
                                                                                                          0x02bb77cc
                                                                                                          0x02bb77d7
                                                                                                          0x02bb77da
                                                                                                          0x02bb77e8
                                                                                                          0x02bb77ef
                                                                                                          0x02bb77f4
                                                                                                          0x02bb77fa
                                                                                                          0x02bb7802
                                                                                                          0x02bb780d
                                                                                                          0x02bb7818
                                                                                                          0x02bb7823
                                                                                                          0x02bb782e
                                                                                                          0x02bb7836
                                                                                                          0x02bb7841
                                                                                                          0x02bb7849
                                                                                                          0x02bb784e
                                                                                                          0x02bb7851
                                                                                                          0x02bb7855
                                                                                                          0x02bb785d
                                                                                                          0x02bb7865
                                                                                                          0x02bb786d
                                                                                                          0x02bb7875
                                                                                                          0x02bb787d
                                                                                                          0x02bb7885
                                                                                                          0x02bb7889
                                                                                                          0x02bb788d
                                                                                                          0x02bb7895
                                                                                                          0x02bb789d
                                                                                                          0x02bb78a5
                                                                                                          0x02bb78aa
                                                                                                          0x02bb78b2
                                                                                                          0x02bb78ba
                                                                                                          0x02bb78c2
                                                                                                          0x02bb78ca
                                                                                                          0x02bb78d2
                                                                                                          0x02bb78da
                                                                                                          0x02bb78e2
                                                                                                          0x02bb78ec
                                                                                                          0x02bb78f0
                                                                                                          0x02bb78f8
                                                                                                          0x02bb7908
                                                                                                          0x02bb790c
                                                                                                          0x02bb7914
                                                                                                          0x02bb791c
                                                                                                          0x02bb7924
                                                                                                          0x02bb792f
                                                                                                          0x02bb793a
                                                                                                          0x02bb7945
                                                                                                          0x02bb7951
                                                                                                          0x02bb7954
                                                                                                          0x02bb7958
                                                                                                          0x02bb7965
                                                                                                          0x02bb7969
                                                                                                          0x02bb7971
                                                                                                          0x02bb7979
                                                                                                          0x02bb797e
                                                                                                          0x02bb7988
                                                                                                          0x02bb7990
                                                                                                          0x02bb7995
                                                                                                          0x02bb799d
                                                                                                          0x02bb79a5
                                                                                                          0x02bb79ad
                                                                                                          0x02bb79b5
                                                                                                          0x02bb79bd
                                                                                                          0x02bb79c5
                                                                                                          0x02bb79cd
                                                                                                          0x02bb79d5
                                                                                                          0x02bb79dd
                                                                                                          0x02bb79e5
                                                                                                          0x02bb79ed
                                                                                                          0x02bb79f2
                                                                                                          0x02bb79fa
                                                                                                          0x02bb7a02
                                                                                                          0x02bb7a0a
                                                                                                          0x02bb7a0f
                                                                                                          0x02bb7a17
                                                                                                          0x02bb7a1c
                                                                                                          0x02bb7a24
                                                                                                          0x02bb7a2c
                                                                                                          0x02bb7a34
                                                                                                          0x02bb7a3c
                                                                                                          0x02bb7a44
                                                                                                          0x02bb7a4c
                                                                                                          0x02bb7a5b
                                                                                                          0x02bb7a5e
                                                                                                          0x02bb7a62
                                                                                                          0x02bb7a6a
                                                                                                          0x02bb7a72
                                                                                                          0x02bb7a77
                                                                                                          0x02bb7a7f
                                                                                                          0x02bb7a87
                                                                                                          0x02bb7a8f
                                                                                                          0x02bb7a94
                                                                                                          0x02bb7a9e
                                                                                                          0x02bb7aa2
                                                                                                          0x02bb7aaa
                                                                                                          0x02bb7ab5
                                                                                                          0x02bb7ac0
                                                                                                          0x02bb7acb
                                                                                                          0x02bb7ad3
                                                                                                          0x02bb7adb
                                                                                                          0x02bb7ae3
                                                                                                          0x02bb7ae8
                                                                                                          0x02bb7af0
                                                                                                          0x02bb7af8
                                                                                                          0x02bb7b00
                                                                                                          0x02bb7b0d
                                                                                                          0x02bb7b11
                                                                                                          0x02bb7b19
                                                                                                          0x02bb7b21
                                                                                                          0x02bb7b26
                                                                                                          0x02bb7b2e
                                                                                                          0x02bb7b36
                                                                                                          0x02bb7b3e
                                                                                                          0x02bb7b46
                                                                                                          0x02bb7b4b
                                                                                                          0x02bb7b50
                                                                                                          0x02bb7b55
                                                                                                          0x02bb7b5d
                                                                                                          0x02bb7b65
                                                                                                          0x02bb7b71
                                                                                                          0x02bb7b74
                                                                                                          0x02bb7b78
                                                                                                          0x02bb7b80
                                                                                                          0x02bb7b88
                                                                                                          0x02bb7b95
                                                                                                          0x02bb7b9b
                                                                                                          0x02bb7ba8
                                                                                                          0x02bb7bb0
                                                                                                          0x02bb7bb8
                                                                                                          0x02bb7bc0
                                                                                                          0x02bb7bcb
                                                                                                          0x02bb7bd6
                                                                                                          0x02bb7be1
                                                                                                          0x02bb7bef
                                                                                                          0x02bb7bf7
                                                                                                          0x02bb7bfb
                                                                                                          0x02bb7c03
                                                                                                          0x02bb7c0b
                                                                                                          0x02bb7c13
                                                                                                          0x02bb7c1b
                                                                                                          0x02bb7c23
                                                                                                          0x02bb7c2b
                                                                                                          0x02bb7c2b
                                                                                                          0x02bb7c33
                                                                                                          0x02bb7c33
                                                                                                          0x02bb7c33
                                                                                                          0x02bb7c33
                                                                                                          0x02bb7c35
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb7c3b
                                                                                                          0x02bb7d45
                                                                                                          0x02bb7d48
                                                                                                          0x00000000
                                                                                                          0x02bb7c41
                                                                                                          0x02bb7c47
                                                                                                          0x02bb7d31
                                                                                                          0x02bb7d33
                                                                                                          0x02bb7d36
                                                                                                          0x00000000
                                                                                                          0x02bb7c4d
                                                                                                          0x02bb7c53
                                                                                                          0x02bb7d1b
                                                                                                          0x02bb7d20
                                                                                                          0x02bb7d23
                                                                                                          0x00000000
                                                                                                          0x02bb7c59
                                                                                                          0x02bb7c5f
                                                                                                          0x02bb7cdf
                                                                                                          0x02bb7ce0
                                                                                                          0x02bb7ce4
                                                                                                          0x02bb7ce9
                                                                                                          0x02bb7cec
                                                                                                          0x02bb7cee
                                                                                                          0x02bb7cf0
                                                                                                          0x02bb7cf6
                                                                                                          0x00000000
                                                                                                          0x02bb7cf6
                                                                                                          0x02bb7c61
                                                                                                          0x02bb7c67
                                                                                                          0x02bb7cb7
                                                                                                          0x02bb7cbc
                                                                                                          0x02bb7cbf
                                                                                                          0x00000000
                                                                                                          0x02bb7c69
                                                                                                          0x02bb7c6f
                                                                                                          0x00000000
                                                                                                          0x02bb7c75
                                                                                                          0x02bb7c90
                                                                                                          0x02bb7c95
                                                                                                          0x02bb7c98
                                                                                                          0x00000000
                                                                                                          0x02bb7c98
                                                                                                          0x02bb7c6f
                                                                                                          0x02bb7c67
                                                                                                          0x02bb7c5f
                                                                                                          0x02bb7c53
                                                                                                          0x02bb7c47
                                                                                                          0x00000000
                                                                                                          0x02bb7c3b
                                                                                                          0x02bb7d52
                                                                                                          0x02bb7d58
                                                                                                          0x02bb7e4e
                                                                                                          0x02bb7e53
                                                                                                          0x02bb7e56
                                                                                                          0x00000000
                                                                                                          0x02bb7d5e
                                                                                                          0x02bb7d5e
                                                                                                          0x02bb7d64
                                                                                                          0x02bb7e21
                                                                                                          0x02bb7e26
                                                                                                          0x02bb7e29
                                                                                                          0x00000000
                                                                                                          0x02bb7d6a
                                                                                                          0x02bb7d6a
                                                                                                          0x02bb7d6c
                                                                                                          0x02bb7dee
                                                                                                          0x02bb7df3
                                                                                                          0x02bb7df6
                                                                                                          0x00000000
                                                                                                          0x02bb7d6e
                                                                                                          0x02bb7d6e
                                                                                                          0x02bb7d74
                                                                                                          0x02bb7dca
                                                                                                          0x02bb7dcf
                                                                                                          0x02bb7dd2
                                                                                                          0x00000000
                                                                                                          0x02bb7d76
                                                                                                          0x02bb7d76
                                                                                                          0x02bb7d7c
                                                                                                          0x00000000
                                                                                                          0x02bb7d82
                                                                                                          0x02bb7d9d
                                                                                                          0x02bb7da2
                                                                                                          0x02bb7da5
                                                                                                          0x00000000
                                                                                                          0x02bb7da5
                                                                                                          0x02bb7d7c
                                                                                                          0x02bb7d74
                                                                                                          0x02bb7d6c
                                                                                                          0x02bb7d64
                                                                                                          0x00000000
                                                                                                          0x02bb7e5b
                                                                                                          0x02bb7e5b
                                                                                                          0x02bb7e5b
                                                                                                          0x02bb7e67
                                                                                                          0x02bb7e69
                                                                                                          0x02bb7e6e
                                                                                                          0x02bb7e6e
                                                                                                          0x02bb7e78

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: )uL$*$0i^$4-,a$sG'$&$[}
                                                                                                          • API String ID: 0-4036371101
                                                                                                          • Opcode ID: e280074acee194a8a4af21785d26579025f4db8ac7bfb2e7628ff9284e72021d
                                                                                                          • Instruction ID: 375326da62bfd959dcb5097040162a1215d17faae430f62a0d987e95badc275d
                                                                                                          • Opcode Fuzzy Hash: e280074acee194a8a4af21785d26579025f4db8ac7bfb2e7628ff9284e72021d
                                                                                                          • Instruction Fuzzy Hash: 7AF121B25083809FD369CF21C489A6BFBE1FFC4348F50891DE69A86260D7B58949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB6B7A, Relevance: 9.0, Strings: 7, Instructions: 274COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02BB6B7A(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr* _a8) {
				char _v76;
				intOrPtr _v80;
				char _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v108;
				signed int _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				void* _t242;
				void* _t265;
				void* _t269;
				signed int _t271;
				signed int _t272;
				char* _t274;
				signed int _t275;
				intOrPtr _t282;
				intOrPtr* _t285;
				void* _t287;
				signed int _t292;
				intOrPtr _t298;
				intOrPtr _t324;
				intOrPtr* _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				void* _t336;
				void* _t337;

				_t285 = _a8;
				_push(_t285);
				_push(_a4);
				_t326 = __edx;
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t242);
				_v100 = 0x757930;
				_t337 = _t336 + 0x10;
				_v96 = 0xd80ad;
				_t324 = 0;
				_v92 = 0x3caa7;
				_v88 = 0;
				_t287 = 0x43d278a;
				_v140 = 0xa476d3;
				_v140 = _v140 + 0x8b71;
				_v140 = _v140 ^ 0x00a50244;
				_v192 = 0x86f1c9;
				_v192 = _v192 | 0xd7b81b76;
				_t327 = 0x1d;
				_v192 = _v192 / _t327;
				_v192 = _v192 + 0xffff13d4;
				_v192 = _v192 ^ 0x076f980a;
				_v188 = 0x843aad;
				_v188 = _v188 << 0x10;
				_v188 = _v188 | 0xc1fad14f;
				_t328 = 0x74;
				_v188 = _v188 * 0x5b;
				_v188 = _v188 ^ 0x93eb17e1;
				_v168 = 0x8317bb;
				_v168 = _v168 ^ 0x1362ec48;
				_v168 = _v168 ^ 0x4008a55c;
				_v168 = _v168 ^ 0x53e7b525;
				_v144 = 0x20a76b;
				_v144 = _v144 / _t328;
				_v144 = _v144 ^ 0x000a47fb;
				_v196 = 0xe0aa92;
				_v196 = _v196 ^ 0x05a4f46c;
				_t329 = 0x24;
				_v196 = _v196 / _t329;
				_v196 = _v196 << 8;
				_v196 = _v196 ^ 0x257ea781;
				_v200 = 0xe588c5;
				_t330 = 0x29;
				_v200 = _v200 / _t330;
				_v200 = _v200 >> 6;
				_v200 = _v200 >> 0x10;
				_v200 = _v200 ^ 0x000d5940;
				_v164 = 0x4155a9;
				_v164 = _v164 >> 5;
				_v164 = _v164 | 0x5ba52662;
				_v164 = _v164 ^ 0x5ba55520;
				_v160 = 0x4466c5;
				_v160 = _v160 >> 9;
				_v160 = _v160 >> 3;
				_v160 = _v160 ^ 0x000d6457;
				_v148 = 0x35624e;
				_v148 = _v148 >> 0x10;
				_v148 = _v148 ^ 0x000abf08;
				_v172 = 0x5696ab;
				_v172 = _v172 + 0xe488;
				_v172 = _v172 + 0x10cb;
				_v172 = _v172 ^ 0x0055d7ec;
				_v128 = 0xad635c;
				_v128 = _v128 ^ 0xb55b0f96;
				_v128 = _v128 ^ 0xb5f22a9b;
				_v208 = 0x275835;
				_t108 =  &_v208; // 0x275835
				_t331 = 0x37;
				_push("true");
				_v208 =  *_t108 / _t331;
				_v208 = _v208 ^ 0xb04b577b;
				_pop(_t332);
				_v208 = _v208 / _t332;
				_v208 = _v208 ^ 0x055d5c1c;
				_v132 = 0x1cc441;
				_t333 = 0x6a;
				_v132 = _v132 / _t333;
				_v132 = _v132 ^ 0x000e83d7;
				_v204 = 0x125b67;
				_v204 = _v204 >> 5;
				_v204 = _v204 ^ 0xe127959b;
				_v204 = _v204 << 0x10;
				_v204 = _v204 ^ 0x07419ea5;
				_v180 = 0x68abbe;
				_v180 = _v180 | 0x57b8f8fa;
				_v180 = _v180 << 0xf;
				_v180 = _v180 ^ 0x7df5736a;
				_v156 = 0x6240f4;
				_v156 = _v156 + 0xffffe0b8;
				_t334 = 0x69;
				_v156 = _v156 * 0x13;
				_v156 = _v156 ^ 0x0741ad16;
				_v124 = 0xa95440;
				_v124 = _v124 / _t334;
				_v124 = _v124 ^ 0x00021dd5;
				_v176 = 0x6e61ec;
				_v176 = _v176 + 0x7ec3;
				_v176 = _v176 | 0x8e41022f;
				_v176 = _v176 ^ 0x8e60c50b;
				_v120 = 0x9285fa;
				_v120 = _v120 ^ 0x677ff2d5;
				_v120 = _v120 ^ 0x67e9a1bb;
				_v152 = 0x5286f5;
				_v152 = _v152 + 0xffff3b7a;
				_v152 = _v152 ^ 0x016928ba;
				_v152 = _v152 ^ 0x013cf174;
				_v184 = 0xd65a61;
				_v184 = _v184 * 0x45;
				_v184 = _v184 + 0xffff6116;
				_v184 = _v184 ^ 0x39cc51e9;
				_v136 = 0xa284b3;
				_v136 = _v136 + 0x4b38;
				_v136 = _v136 ^ 0x00a4fd93;
				while(_t287 != 0x1b81945) {
					if(_t287 == 0x314f545) {
						_t265 = E02BD46BD(_v188,  &_v108, _v168, _v144, _v196,  &_v116);
						_t337 = _t337 + 0x10;
						if(_t265 == 0) {
							L25:
							return _t324;
						}
						_t287 = 0x958f9d6;
						continue;
					}
					if(_t287 == 0x43d278a) {
						_t287 = 0xee3ea02;
						continue;
					}
					if(_t287 == 0x55d8418) {
						_t292 = _v172;
						_t269 = E02BD07AA(_t292, _v128,  &_v84, _v208,  &_v76);
						_t337 = _t337 + 0xc;
						if(_t269 != 0) {
							_push(_t292);
							_push(_t292);
							_t282 = E02BBC5D8(_v80);
							_t337 = _t337 + 0xc;
							 *_t326 = _t282;
							if(_t282 != 0) {
								E02BCC9B0(_v124,  *_t326, _v176, _v80, _v84, _v120);
								_t337 = _t337 + 0x10;
								 *((intOrPtr*)(_t326 + 4)) = _v80;
								_t324 = 1;
							}
						}
						_t287 = 0x1b81945;
						continue;
					}
					if(_t287 == 0x958f9d6) {
						_t271 = E02BBC473( &_v108, _v200, _v164, _v160, _v148,  &_v84);
						_t337 = _t337 + 0x10;
						asm("sbb ecx, ecx");
						_t287 = ( ~_t271 & 0x03a56ad3) + 0x1b81945;
						continue;
					}
					if(_t287 != 0xee3ea02) {
						L24:
						if(_t287 != 0x1eefa0b) {
							continue;
						}
						goto L25;
					}
					_t272 =  *((intOrPtr*)(_t285 + 4));
					_t298 =  *_t285;
					_v112 = _t272;
					_v116 = _t298;
					_t274 = _t272 - 1 + _t298;
					while(_t274 > _t298) {
						if( *_t274 == 0) {
							break;
						}
						_t274 = _t274 - 1;
					}
					_t275 = _t274 - _t298;
					_v112 = _t275;
					if(_t275 == 0) {
						L14:
						_t287 = 0x314f545;
						continue;
					}
					while(_v112 % _v192 != _v140) {
						_t207 =  &_v112;
						 *_t207 = _v112 - 1;
						if( *_t207 != 0) {
							continue;
						}
						goto L14;
					}
					goto L14;
				}
				E02BD2B09(_v152, _v108, _v184, _v136);
				_t287 = 0x1eefa0b;
				goto L24;
			}




























































                                                                                                          0x02bb6b81
                                                                                                          0x02bb6b8b
                                                                                                          0x02bb6b8c
                                                                                                          0x02bb6b93
                                                                                                          0x02bb6b95
                                                                                                          0x02bb6b96
                                                                                                          0x02bb6b97
                                                                                                          0x02bb6b9c
                                                                                                          0x02bb6ba7
                                                                                                          0x02bb6baa
                                                                                                          0x02bb6bb5
                                                                                                          0x02bb6bb7
                                                                                                          0x02bb6bc4
                                                                                                          0x02bb6bcb
                                                                                                          0x02bb6bd0
                                                                                                          0x02bb6bd8
                                                                                                          0x02bb6be0
                                                                                                          0x02bb6be8
                                                                                                          0x02bb6bf0
                                                                                                          0x02bb6bfe
                                                                                                          0x02bb6c03
                                                                                                          0x02bb6c09
                                                                                                          0x02bb6c11
                                                                                                          0x02bb6c19
                                                                                                          0x02bb6c21
                                                                                                          0x02bb6c26
                                                                                                          0x02bb6c33
                                                                                                          0x02bb6c36
                                                                                                          0x02bb6c3a
                                                                                                          0x02bb6c42
                                                                                                          0x02bb6c4a
                                                                                                          0x02bb6c52
                                                                                                          0x02bb6c5a
                                                                                                          0x02bb6c62
                                                                                                          0x02bb6c72
                                                                                                          0x02bb6c76
                                                                                                          0x02bb6c7e
                                                                                                          0x02bb6c86
                                                                                                          0x02bb6c92
                                                                                                          0x02bb6c97
                                                                                                          0x02bb6c9d
                                                                                                          0x02bb6ca2
                                                                                                          0x02bb6caa
                                                                                                          0x02bb6cb6
                                                                                                          0x02bb6cb9
                                                                                                          0x02bb6cbd
                                                                                                          0x02bb6cc2
                                                                                                          0x02bb6cc7
                                                                                                          0x02bb6ccf
                                                                                                          0x02bb6cd7
                                                                                                          0x02bb6cdc
                                                                                                          0x02bb6ce4
                                                                                                          0x02bb6cec
                                                                                                          0x02bb6cf4
                                                                                                          0x02bb6cf9
                                                                                                          0x02bb6cfe
                                                                                                          0x02bb6d06
                                                                                                          0x02bb6d0e
                                                                                                          0x02bb6d13
                                                                                                          0x02bb6d1b
                                                                                                          0x02bb6d23
                                                                                                          0x02bb6d2d
                                                                                                          0x02bb6d35
                                                                                                          0x02bb6d3d
                                                                                                          0x02bb6d45
                                                                                                          0x02bb6d4d
                                                                                                          0x02bb6d55
                                                                                                          0x02bb6d5d
                                                                                                          0x02bb6d63
                                                                                                          0x02bb6d66
                                                                                                          0x02bb6d68
                                                                                                          0x02bb6d6e
                                                                                                          0x02bb6d7a
                                                                                                          0x02bb6d7f
                                                                                                          0x02bb6d85
                                                                                                          0x02bb6d8d
                                                                                                          0x02bb6d99
                                                                                                          0x02bb6d9e
                                                                                                          0x02bb6da4
                                                                                                          0x02bb6dac
                                                                                                          0x02bb6db4
                                                                                                          0x02bb6db9
                                                                                                          0x02bb6dc1
                                                                                                          0x02bb6dc6
                                                                                                          0x02bb6dce
                                                                                                          0x02bb6dd6
                                                                                                          0x02bb6dde
                                                                                                          0x02bb6de3
                                                                                                          0x02bb6deb
                                                                                                          0x02bb6df3
                                                                                                          0x02bb6e00
                                                                                                          0x02bb6e01
                                                                                                          0x02bb6e05
                                                                                                          0x02bb6e0d
                                                                                                          0x02bb6e20
                                                                                                          0x02bb6e24
                                                                                                          0x02bb6e2c
                                                                                                          0x02bb6e34
                                                                                                          0x02bb6e3c
                                                                                                          0x02bb6e44
                                                                                                          0x02bb6e4c
                                                                                                          0x02bb6e54
                                                                                                          0x02bb6e5c
                                                                                                          0x02bb6e64
                                                                                                          0x02bb6e6c
                                                                                                          0x02bb6e74
                                                                                                          0x02bb6e7c
                                                                                                          0x02bb6e84
                                                                                                          0x02bb6e91
                                                                                                          0x02bb6e95
                                                                                                          0x02bb6e9d
                                                                                                          0x02bb6ea5
                                                                                                          0x02bb6ead
                                                                                                          0x02bb6eb5
                                                                                                          0x02bb6ebd
                                                                                                          0x02bb6ecb
                                                                                                          0x02bb702a
                                                                                                          0x02bb702f
                                                                                                          0x02bb7034
                                                                                                          0x02bb706b
                                                                                                          0x02bb7077
                                                                                                          0x02bb7077
                                                                                                          0x02bb7036
                                                                                                          0x00000000
                                                                                                          0x02bb7036
                                                                                                          0x02bb6ed7
                                                                                                          0x02bb7004
                                                                                                          0x00000000
                                                                                                          0x02bb7004
                                                                                                          0x02bb6ee3
                                                                                                          0x02bb6f94
                                                                                                          0x02bb6f99
                                                                                                          0x02bb6f9e
                                                                                                          0x02bb6fa3
                                                                                                          0x02bb6fb5
                                                                                                          0x02bb6fb6
                                                                                                          0x02bb6fbe
                                                                                                          0x02bb6fc3
                                                                                                          0x02bb6fc6
                                                                                                          0x02bb6fca
                                                                                                          0x02bb6fe8
                                                                                                          0x02bb6ff6
                                                                                                          0x02bb6ff9
                                                                                                          0x02bb6ffc
                                                                                                          0x02bb6ffc
                                                                                                          0x02bb6fca
                                                                                                          0x02bb6ffd
                                                                                                          0x00000000
                                                                                                          0x02bb6ffd
                                                                                                          0x02bb6eef
                                                                                                          0x02bb6f62
                                                                                                          0x02bb6f67
                                                                                                          0x02bb6f6e
                                                                                                          0x02bb6f76
                                                                                                          0x00000000
                                                                                                          0x02bb6f76
                                                                                                          0x02bb6ef7
                                                                                                          0x02bb705f
                                                                                                          0x02bb7065
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb7065
                                                                                                          0x02bb6efd
                                                                                                          0x02bb6f00
                                                                                                          0x02bb6f02
                                                                                                          0x02bb6f07
                                                                                                          0x02bb6f0b
                                                                                                          0x02bb6f15
                                                                                                          0x02bb6f12
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb6f14
                                                                                                          0x02bb6f14
                                                                                                          0x02bb6f19
                                                                                                          0x02bb6f1b
                                                                                                          0x02bb6f1f
                                                                                                          0x02bb6f39
                                                                                                          0x02bb6f39
                                                                                                          0x00000000
                                                                                                          0x02bb6f39
                                                                                                          0x02bb6f21
                                                                                                          0x02bb6f33
                                                                                                          0x02bb6f33
                                                                                                          0x02bb6f37
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb6f37
                                                                                                          0x00000000
                                                                                                          0x02bb6f21
                                                                                                          0x02bb7053
                                                                                                          0x02bb705a
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 0yu$5X'$8K$@Y$Nb5$Wd$an
                                                                                                          • API String ID: 0-1112794312
                                                                                                          • Opcode ID: 8ceae2b30f000509da637a0984cc5bd8077a08d23a0df455bcfc612fb6287505
                                                                                                          • Instruction ID: 75f98cd2b1431aee488cfa102b6d98db72e8439623fd547174b90cbd3a24286f
                                                                                                          • Opcode Fuzzy Hash: 8ceae2b30f000509da637a0984cc5bd8077a08d23a0df455bcfc612fb6287505
                                                                                                          • Instruction Fuzzy Hash: E8C133715093808FD328CF66C589A6BFBF2FBC5748F10895DF69686260D7B18949CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCDC71, Relevance: 9.0, Strings: 7, Instructions: 237COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02BCDC71() {
				signed int _v4;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				void* _t246;
				intOrPtr* _t248;
				signed int _t254;
				intOrPtr _t255;
				intOrPtr* _t256;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t262;
				void* _t263;
				void* _t290;
				signed int* _t294;

				_t294 =  &_v108;
				_v28 = 0x1aa6a3;
				_v28 = _v28 >> 4;
				_v28 = _v28 ^ 0x8001aa6b;
				_v68 = 0xf966b1;
				_v68 = _v68 | 0xf5f58fdd;
				_v4 = 0;
				_t290 = 0xa5173af;
				_t257 = 0x26;
				_v68 = _v68 / _t257;
				_v68 = _v68 ^ 0x0679357b;
				_v108 = 0xb8ff00;
				_v108 = _v108 | 0x28c12dd3;
				_t258 = 0x42;
				_v108 = _v108 / _t258;
				_v108 = _v108 + 0x2548;
				_v108 = _v108 ^ 0x0093f641;
				_v80 = 0x4a20cb;
				_v80 = _v80 | 0x50657e73;
				_v80 = _v80 >> 7;
				_v80 = _v80 ^ 0x00ac2c39;
				_v84 = 0x6237d1;
				_v84 = _v84 ^ 0x87c50ead;
				_v84 = _v84 << 4;
				_v84 = _v84 ^ 0x7a73b039;
				_v88 = 0x617a8;
				_v88 = _v88 << 0xa;
				_v88 = _v88 >> 0xc;
				_v88 = _v88 ^ 0x00004866;
				_v96 = 0x113f2;
				_v96 = _v96 + 0x334b;
				_v96 = _v96 << 0xb;
				_v96 = _v96 ^ 0x0285e17a;
				_v96 = _v96 ^ 0x08b84672;
				_v60 = 0x4bd9b6;
				_v60 = _v60 ^ 0x6ba7848f;
				_v60 = _v60 | 0xa40fa4df;
				_v60 = _v60 ^ 0xefe49c55;
				_v100 = 0xb12c48;
				_v100 = _v100 >> 0xf;
				_v100 = _v100 ^ 0x0d420031;
				_t259 = 0x33;
				_v100 = _v100 / _t259;
				_v100 = _v100 ^ 0x004184fb;
				_v104 = 0x387c2e;
				_v104 = _v104 << 5;
				_t260 = 0x72;
				_v104 = _v104 / _t260;
				_v104 = _v104 >> 0xc;
				_v104 = _v104 ^ 0x0003fa0e;
				_v64 = 0x9254d3;
				_v64 = _v64 ^ 0xec8ec683;
				_v64 = _v64 + 0xffff5a55;
				_v64 = _v64 ^ 0xec1fa99d;
				_v72 = 0xb608b;
				_v72 = _v72 + 0xffffc85a;
				_t261 = 0x43;
				_v72 = _v72 / _t261;
				_v72 = _v72 ^ 0x00012617;
				_v32 = 0x2b47af;
				_t262 = 0x73;
				_t254 = _v4;
				_v32 = _v32 / _t262;
				_v32 = _v32 ^ 0x0007dbbc;
				_v76 = 0xa2cc58;
				_v76 = _v76 * 0x79;
				_v76 = _v76 + 0x1556;
				_v76 = _v76 ^ 0x4cf4e816;
				_v36 = 0x411f8a;
				_v36 = _v36 ^ 0x039a7593;
				_v36 = _v36 ^ 0x03d0076c;
				_v48 = 0x32f559;
				_v48 = _v48 + 0x88cf;
				_v48 = _v48 >> 4;
				_v48 = _v48 ^ 0x000c1178;
				_v92 = 0xe53134;
				_v92 = _v92 + 0xffffd6c4;
				_v92 = _v92 + 0xfffff637;
				_v92 = _v92 ^ 0x9e819fd3;
				_v92 = _v92 ^ 0x9e661668;
				_v52 = 0x962c48;
				_v52 = _v52 + 0x54df;
				_v52 = _v52 << 4;
				_v52 = _v52 ^ 0x096c20fe;
				_v56 = 0x38983;
				_v56 = _v56 * 0x7b;
				_v56 = _v56 ^ 0x1e2e8742;
				_v56 = _v56 ^ 0x1f9fc20c;
				_v20 = 0x39c3;
				_v20 = _v20 ^ 0xdc0c04ea;
				_v20 = _v20 ^ 0xdc0d303f;
				_v44 = 0xdd799f;
				_v44 = _v44 + 0xffffa96c;
				_v44 = _v44 >> 0xc;
				_v44 = _v44 ^ 0x0003bcd5;
				_v24 = 0x7b2b38;
				_v24 = _v24 * 0x48;
				_v24 = _v24 ^ 0x22aaeece;
				_v40 = 0x38897c;
				_v40 = _v40 >> 0xe;
				_v40 = _v40 | 0xf4a0afb0;
				_v40 = _v40 ^ 0xf4ac49e4;
				_v12 = 0x92ab49;
				_v12 = _v12 ^ 0x4b1e6875;
				_v12 = _v12 ^ 0x4b80c344;
				_v16 = 0x5228cc;
				_v16 = _v16 | 0xaae3d00d;
				_v16 = _v16 ^ 0xaaf963f0;
				while(1) {
					L1:
					_t263 = 0x5c;
					while(1) {
						_t246 = 0xc02063;
						do {
							L3:
							while(_t290 != 0x13579) {
								if(_t290 == _t246) {
									_t248 = E02BD298D(_v20, _v44, _v24, _v8, _t254);
									_t294 =  &(_t294[3]);
									__eflags = _t248;
									_t290 = 0x13579;
									_v4 = 0 | __eflags == 0x00000000;
									goto L1;
								} else {
									if(_t290 == 0x79b4c83) {
										_push(_v88);
										_push(_v84);
										_push(_v80);
										__eflags = E02BB2DEA(_v96,  &_v8, _v60, 0x2bb10a0, _v28, _v100, 0x2bb10a0, 0x2bb10a0, _v104, _v64, 0x2bb10a0, 0x2bb10a0, _v68, _v72, _v32, _v76, _v36, E02BCE1F8(0x2bb10a0, _v108, __eflags));
										_t290 =  ==  ? 0xc02063 : 0x61b9dc3;
										E02BCFECB(_t249, _v48, _v92, _v52, _v56);
										_t294 =  &(_t294[0x16]);
										L16:
										_t246 = 0xc02063;
										_t263 = 0x5c;
									} else {
										if(_t290 == 0xa5173af) {
											_t290 = 0xac8592e;
											continue;
										} else {
											if(_t290 == 0xac8592e) {
												_t255 =  *0x2bd6214; // 0x0
												_t256 = _t255 + 0x23c;
												while( *_t256 != _t263) {
													_t256 = _t256 + 2;
													__eflags = _t256;
												}
												_t254 = _t256 + 2;
												_t290 = 0x79b4c83;
												_t246 = 0xc02063;
												continue;
											}
										}
									}
								}
								goto L17;
							}
							E02BB53D0(_v40, _v12, _v16, _v8);
							_t290 = 0x61b9dc3;
							goto L16;
							L17:
							__eflags = _t290 - 0x61b9dc3;
						} while (__eflags != 0);
						return _v4;
					}
				}
			}












































                                                                                                          0x02bcdc71
                                                                                                          0x02bcdc74
                                                                                                          0x02bcdc7e
                                                                                                          0x02bcdc85
                                                                                                          0x02bcdc8d
                                                                                                          0x02bcdc95
                                                                                                          0x02bcdca1
                                                                                                          0x02bcdca5
                                                                                                          0x02bcdcb0
                                                                                                          0x02bcdcb5
                                                                                                          0x02bcdcbb
                                                                                                          0x02bcdcc3
                                                                                                          0x02bcdccb
                                                                                                          0x02bcdcd7
                                                                                                          0x02bcdcdc
                                                                                                          0x02bcdce2
                                                                                                          0x02bcdcea
                                                                                                          0x02bcdcf2
                                                                                                          0x02bcdcfa
                                                                                                          0x02bcdd02
                                                                                                          0x02bcdd07
                                                                                                          0x02bcdd0f
                                                                                                          0x02bcdd17
                                                                                                          0x02bcdd1f
                                                                                                          0x02bcdd24
                                                                                                          0x02bcdd2c
                                                                                                          0x02bcdd34
                                                                                                          0x02bcdd39
                                                                                                          0x02bcdd3e
                                                                                                          0x02bcdd46
                                                                                                          0x02bcdd4e
                                                                                                          0x02bcdd56
                                                                                                          0x02bcdd5b
                                                                                                          0x02bcdd63
                                                                                                          0x02bcdd6b
                                                                                                          0x02bcdd73
                                                                                                          0x02bcdd7b
                                                                                                          0x02bcdd83
                                                                                                          0x02bcdd8b
                                                                                                          0x02bcdd93
                                                                                                          0x02bcdd98
                                                                                                          0x02bcdda4
                                                                                                          0x02bcdda9
                                                                                                          0x02bcddaf
                                                                                                          0x02bcddb7
                                                                                                          0x02bcddbf
                                                                                                          0x02bcddc8
                                                                                                          0x02bcddcd
                                                                                                          0x02bcddd3
                                                                                                          0x02bcddd8
                                                                                                          0x02bcdde0
                                                                                                          0x02bcdde8
                                                                                                          0x02bcddf0
                                                                                                          0x02bcddf8
                                                                                                          0x02bcde00
                                                                                                          0x02bcde08
                                                                                                          0x02bcde14
                                                                                                          0x02bcde17
                                                                                                          0x02bcde1d
                                                                                                          0x02bcde2a
                                                                                                          0x02bcde38
                                                                                                          0x02bcde3b
                                                                                                          0x02bcde3f
                                                                                                          0x02bcde43
                                                                                                          0x02bcde4b
                                                                                                          0x02bcde58
                                                                                                          0x02bcde5c
                                                                                                          0x02bcde64
                                                                                                          0x02bcde6c
                                                                                                          0x02bcde74
                                                                                                          0x02bcde7c
                                                                                                          0x02bcde84
                                                                                                          0x02bcde8c
                                                                                                          0x02bcde94
                                                                                                          0x02bcde99
                                                                                                          0x02bcdea1
                                                                                                          0x02bcdea9
                                                                                                          0x02bcdeb1
                                                                                                          0x02bcdeb9
                                                                                                          0x02bcdec1
                                                                                                          0x02bcdec9
                                                                                                          0x02bcded1
                                                                                                          0x02bcded9
                                                                                                          0x02bcdede
                                                                                                          0x02bcdee6
                                                                                                          0x02bcdef3
                                                                                                          0x02bcdef7
                                                                                                          0x02bcdeff
                                                                                                          0x02bcdf07
                                                                                                          0x02bcdf0f
                                                                                                          0x02bcdf17
                                                                                                          0x02bcdf1f
                                                                                                          0x02bcdf27
                                                                                                          0x02bcdf2f
                                                                                                          0x02bcdf34
                                                                                                          0x02bcdf3c
                                                                                                          0x02bcdf49
                                                                                                          0x02bcdf4d
                                                                                                          0x02bcdf55
                                                                                                          0x02bcdf5d
                                                                                                          0x02bcdf62
                                                                                                          0x02bcdf6a
                                                                                                          0x02bcdf72
                                                                                                          0x02bcdf7a
                                                                                                          0x02bcdf82
                                                                                                          0x02bcdf8a
                                                                                                          0x02bcdf92
                                                                                                          0x02bcdf9a
                                                                                                          0x02bcdfa2
                                                                                                          0x02bcdfa2
                                                                                                          0x02bcdfa4
                                                                                                          0x02bcdfa5
                                                                                                          0x02bcdfa5
                                                                                                          0x02bcdfaa
                                                                                                          0x00000000
                                                                                                          0x02bcdfaa
                                                                                                          0x02bcdfb8
                                                                                                          0x02bce0a0
                                                                                                          0x02bce0a7
                                                                                                          0x02bce0aa
                                                                                                          0x02bce0ac
                                                                                                          0x02bce0b4
                                                                                                          0x00000000
                                                                                                          0x02bcdfbe
                                                                                                          0x02bcdfc4
                                                                                                          0x02bce001
                                                                                                          0x02bce00a
                                                                                                          0x02bce00e
                                                                                                          0x02bce065
                                                                                                          0x02bce082
                                                                                                          0x02bce085
                                                                                                          0x02bce08a
                                                                                                          0x02bce0d6
                                                                                                          0x02bce0d8
                                                                                                          0x02bce0dd
                                                                                                          0x02bcdfc6
                                                                                                          0x02bcdfcc
                                                                                                          0x02bcdffa
                                                                                                          0x00000000
                                                                                                          0x02bcdfce
                                                                                                          0x02bcdfd4
                                                                                                          0x02bcdfda
                                                                                                          0x02bcdfe0
                                                                                                          0x02bcdfeb
                                                                                                          0x02bcdfe8
                                                                                                          0x02bcdfe8
                                                                                                          0x02bcdfe8
                                                                                                          0x02bcdff0
                                                                                                          0x02bcdff3
                                                                                                          0x02bcdfa5
                                                                                                          0x00000000
                                                                                                          0x02bcdfa5
                                                                                                          0x02bcdfd4
                                                                                                          0x02bcdfcc
                                                                                                          0x02bcdfc4
                                                                                                          0x00000000
                                                                                                          0x02bcdfb8
                                                                                                          0x02bce0cd
                                                                                                          0x02bce0d4
                                                                                                          0x00000000
                                                                                                          0x02bce0de
                                                                                                          0x02bce0de
                                                                                                          0x02bce0de
                                                                                                          0x02bce0f1
                                                                                                          0x02bce0f1
                                                                                                          0x02bcdfa5

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .|8$1$41$8+{$H%$fH$s~eP
                                                                                                          • API String ID: 0-3664284304
                                                                                                          • Opcode ID: 3b09354d4ca3edc82ef727ff91d6f0ff89dcaebddca5adbf2847e4c082a6b041
                                                                                                          • Instruction ID: d4842c7f1b06777a335545d219ad9bef64d1ee73c8f7cae54d48db70c80ac283
                                                                                                          • Opcode Fuzzy Hash: 3b09354d4ca3edc82ef727ff91d6f0ff89dcaebddca5adbf2847e4c082a6b041
                                                                                                          • Instruction Fuzzy Hash: 52B12F725083809FD369CF25D48A50BFBE2FBC4758F20891DF69A86260D7B98949CF47
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB670B, Relevance: 9.0, Strings: 7, Instructions: 232COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02BB670B() {
				char _v524;
				intOrPtr _v548;
				char _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v584;
				char _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				signed int _v676;
				signed int _v680;
				void* _t233;
				signed int _t236;
				signed int _t238;
				void* _t239;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t258;
				intOrPtr _t259;
				void* _t261;
				void* _t266;
				void* _t268;

				_v576 = 0x5c6bdc;
				_v572 = 0xae866a;
				_t259 = 0;
				_t261 = 0xb8e9ee3;
				_v568 = 0;
				_v612 = 0xec3aec;
				_t5 =  &_v612; // 0xec3aec
				_t241 = 0x62;
				_v612 =  *_t5 * 0x6c;
				_v612 = _v612 | 0xdabeec40;
				_v612 = _v612 ^ 0xfbbeff50;
				_v604 = 0x37b038;
				_v604 = _v604 >> 0xd;
				_v604 = _v604 ^ 0x000001bc;
				_v624 = 0x7f5f56;
				_v624 = _v624 + 0xffff5a99;
				_v624 = _v624 << 4;
				_v624 = _v624 ^ 0x07eb9ef3;
				_v628 = 0x55d92;
				_v628 = _v628 >> 0x10;
				_v628 = _v628 ^ 0x0529ff2d;
				_v628 = _v628 ^ 0x052de72a;
				_v664 = 0x989cfa;
				_v664 = _v664 * 0x6a;
				_v664 = _v664 | 0x8da787ac;
				_v664 = _v664 + 0xffffc08b;
				_v664 = _v664 ^ 0xbfb72d66;
				_v672 = 0x5126c1;
				_v672 = _v672 << 0xa;
				_v672 = _v672 | 0x6300e881;
				_v672 = _v672 * 0x1d;
				_v672 = _v672 ^ 0xbca67a4e;
				_v636 = 0x3defe6;
				_t49 =  &_v636; // 0x3defe6
				_v636 =  *_t49 * 9;
				_t51 =  &_v636; // 0x3defe6
				_v636 =  *_t51 * 0x52;
				_v636 = _v636 ^ 0xb28641ab;
				_v632 = 0xea2077;
				_t56 =  &_v632; // 0xea2077
				_v632 =  *_t56 * 0x65;
				_v632 = _v632 << 2;
				_v632 = _v632 ^ 0x7174f9be;
				_v660 = 0x2cce37;
				_v660 = _v660 << 0xd;
				_v660 = _v660 / _t241;
				_v660 = _v660 << 4;
				_v660 = _v660 ^ 0x1917ca80;
				_v676 = 0x92ca3e;
				_t242 = 0x12;
				_v676 = _v676 * 0x4b;
				_v676 = _v676 << 0xf;
				_v676 = _v676 >> 2;
				_v676 = _v676 ^ 0x28034127;
				_v596 = 0xf7772a;
				_v596 = _v596 + 0xffff3df8;
				_v596 = _v596 ^ 0x00fc52ab;
				_v644 = 0x6698d1;
				_v644 = _v644 | 0xc199dbe0;
				_v644 = _v644 ^ 0xc1fcc133;
				_v592 = 0x7143e7;
				_v592 = _v592 >> 2;
				_v592 = _v592 ^ 0x0010b3e1;
				_v652 = 0x9a4189;
				_v652 = _v652 * 0x60;
				_v652 = _v652 / _t242;
				_v652 = _v652 ^ 0x033cbda1;
				_v668 = 0xc5fab;
				_v668 = _v668 << 0xb;
				_v668 = _v668 >> 9;
				_v668 = _v668 + 0x8f67;
				_v668 = _v668 ^ 0x0031c4ff;
				_v600 = 0x6e8ee8;
				_v600 = _v600 ^ 0x0d880c60;
				_v600 = _v600 ^ 0x0deba949;
				_v616 = 0xb65c97;
				_v616 = _v616 + 0xffff6050;
				_v616 = _v616 << 6;
				_v616 = _v616 ^ 0x2d666d98;
				_v640 = 0xcc6d21;
				_t243 = 0x1b;
				_v640 = _v640 / _t243;
				_v640 = _v640 >> 0xe;
				_v640 = _v640 ^ 0x000eaea1;
				_v680 = 0x87d5f6;
				_t244 = 0x76;
				_v680 = _v680 * 0x1f;
				_v680 = _v680 << 9;
				_v680 = _v680 + 0xffff990b;
				_v680 = _v680 ^ 0xe5dd4258;
				_v608 = 0xe96961;
				_v608 = _v608 | 0xb6f9188e;
				_v608 = _v608 ^ 0xb6fb8930;
				_v656 = 0xc61929;
				_v656 = _v656 >> 2;
				_v656 = _v656 + 0xcacc;
				_v656 = _v656 << 2;
				_v656 = _v656 ^ 0x00c38b27;
				_v648 = 0x21afdf;
				_v648 = _v648 + 0x614;
				_v648 = _v648 + 0x692f;
				_v648 = _v648 ^ 0x002627a2;
				_v620 = 0xc6d0;
				_v620 = _v620 + 0xee3f;
				_t240 = _v608;
				_v620 = _v620 / _t244;
				_v620 = _v620 ^ 0x0005d3ba;
				do {
					while(_t261 != 0x885c2e) {
						if(_t261 == 0x1fa5b7d) {
							_t244 = _v628;
							_t233 = E02BD0DB1(_t244,  &_v524, __eflags, _v664, _t244, _v672);
							_t268 = _t268 + 0xc;
							__eflags = _t233;
							if(__eflags != 0) {
								_t261 = 0x6c35f0b;
								continue;
							}
						} else {
							if(_t261 == 0x4edc737) {
								_push(_t244);
								_t236 = E02BCDBC1(_t240, _v652,  &_v564, _t244, _v668, _v600, _v616);
								_t258 = _v680;
								_t244 = _v640;
								asm("sbb esi, esi");
								_t261 = ( ~_t236 & 0xfe84828b) + 0x203d9a3;
								E02BD1538(_t244, _t258, _t240);
								_t268 = _t268 + 0x1c;
								goto L14;
							} else {
								if(_t261 == 0x6c35f0b) {
									_t258 = _v636;
									_t244 =  &_v524;
									_t238 = E02BD45CA(_t244, _t258, _t244, _t244, _v632, _v660, _v676, _v612, _v596, _v644, _t259, _v592, _v624, _v604);
									_t240 = _t238;
									_t268 = _t268 + 0x30;
									__eflags = _t238 - 0xffffffff;
									if(__eflags != 0) {
										_t261 = 0x4edc737;
										continue;
									}
								} else {
									if(_t261 == 0x8f2e6fb) {
										_t239 = E02BB5477(_t244);
										_t266 = _v588 - _v548;
										asm("sbb ecx, [esp+0x9c]");
										__eflags = _v584 - _t258;
										if(__eflags >= 0) {
											if(__eflags > 0) {
												L19:
												_t259 = 1;
												__eflags = 1;
											} else {
												__eflags = _t266 - _t239;
												if(_t266 >= _t239) {
													goto L19;
												}
											}
										}
									} else {
										if(_t261 != 0xb8e9ee3) {
											goto L14;
										} else {
											_t261 = 0x1fa5b7d;
											continue;
										}
									}
								}
							}
						}
						L20:
						return _t259;
					}
					_t244 = _v608;
					E02BCCA1F(_t244, _v656,  &_v588, _v648, _v620);
					_t268 = _t268 + 0xc;
					_t261 = 0x8f2e6fb;
					L14:
					__eflags = _t261 - 0x203d9a3;
				} while (__eflags != 0);
				goto L20;
			}















































                                                                                                          0x02bb6711
                                                                                                          0x02bb671b
                                                                                                          0x02bb6727
                                                                                                          0x02bb6729
                                                                                                          0x02bb672e
                                                                                                          0x02bb6735
                                                                                                          0x02bb673d
                                                                                                          0x02bb6744
                                                                                                          0x02bb6747
                                                                                                          0x02bb674b
                                                                                                          0x02bb6753
                                                                                                          0x02bb675b
                                                                                                          0x02bb6763
                                                                                                          0x02bb6768
                                                                                                          0x02bb6770
                                                                                                          0x02bb6778
                                                                                                          0x02bb6780
                                                                                                          0x02bb6785
                                                                                                          0x02bb678d
                                                                                                          0x02bb6795
                                                                                                          0x02bb679a
                                                                                                          0x02bb67a2
                                                                                                          0x02bb67aa
                                                                                                          0x02bb67b7
                                                                                                          0x02bb67bb
                                                                                                          0x02bb67c3
                                                                                                          0x02bb67cb
                                                                                                          0x02bb67d3
                                                                                                          0x02bb67db
                                                                                                          0x02bb67e0
                                                                                                          0x02bb67ed
                                                                                                          0x02bb67f1
                                                                                                          0x02bb67f9
                                                                                                          0x02bb6801
                                                                                                          0x02bb6806
                                                                                                          0x02bb680a
                                                                                                          0x02bb680f
                                                                                                          0x02bb6813
                                                                                                          0x02bb681b
                                                                                                          0x02bb6823
                                                                                                          0x02bb6828
                                                                                                          0x02bb682c
                                                                                                          0x02bb6831
                                                                                                          0x02bb6839
                                                                                                          0x02bb6841
                                                                                                          0x02bb684e
                                                                                                          0x02bb6852
                                                                                                          0x02bb6857
                                                                                                          0x02bb685f
                                                                                                          0x02bb686c
                                                                                                          0x02bb686d
                                                                                                          0x02bb6871
                                                                                                          0x02bb6876
                                                                                                          0x02bb687b
                                                                                                          0x02bb6883
                                                                                                          0x02bb688b
                                                                                                          0x02bb6893
                                                                                                          0x02bb689b
                                                                                                          0x02bb68a3
                                                                                                          0x02bb68ab
                                                                                                          0x02bb68b3
                                                                                                          0x02bb68bb
                                                                                                          0x02bb68c0
                                                                                                          0x02bb68c8
                                                                                                          0x02bb68d5
                                                                                                          0x02bb68df
                                                                                                          0x02bb68e5
                                                                                                          0x02bb68f2
                                                                                                          0x02bb68fa
                                                                                                          0x02bb68ff
                                                                                                          0x02bb6904
                                                                                                          0x02bb690c
                                                                                                          0x02bb6914
                                                                                                          0x02bb691c
                                                                                                          0x02bb6924
                                                                                                          0x02bb692c
                                                                                                          0x02bb6934
                                                                                                          0x02bb693c
                                                                                                          0x02bb6941
                                                                                                          0x02bb6949
                                                                                                          0x02bb6957
                                                                                                          0x02bb695c
                                                                                                          0x02bb6962
                                                                                                          0x02bb6967
                                                                                                          0x02bb696f
                                                                                                          0x02bb697c
                                                                                                          0x02bb697d
                                                                                                          0x02bb6981
                                                                                                          0x02bb6986
                                                                                                          0x02bb698e
                                                                                                          0x02bb6996
                                                                                                          0x02bb699e
                                                                                                          0x02bb69a6
                                                                                                          0x02bb69ae
                                                                                                          0x02bb69b6
                                                                                                          0x02bb69bb
                                                                                                          0x02bb69c3
                                                                                                          0x02bb69c8
                                                                                                          0x02bb69d0
                                                                                                          0x02bb69d8
                                                                                                          0x02bb69e0
                                                                                                          0x02bb69e8
                                                                                                          0x02bb69f0
                                                                                                          0x02bb69f8
                                                                                                          0x02bb6a06
                                                                                                          0x02bb6a0a
                                                                                                          0x02bb6a0e
                                                                                                          0x02bb6a16
                                                                                                          0x02bb6a16
                                                                                                          0x02bb6a24
                                                                                                          0x02bb6afb
                                                                                                          0x02bb6aff
                                                                                                          0x02bb6b04
                                                                                                          0x02bb6b07
                                                                                                          0x02bb6b09
                                                                                                          0x02bb6b0b
                                                                                                          0x00000000
                                                                                                          0x02bb6b0b
                                                                                                          0x02bb6a2a
                                                                                                          0x02bb6a30
                                                                                                          0x02bb6aa5
                                                                                                          0x02bb6ac1
                                                                                                          0x02bb6ac6
                                                                                                          0x02bb6acc
                                                                                                          0x02bb6ad3
                                                                                                          0x02bb6adb
                                                                                                          0x02bb6ae1
                                                                                                          0x02bb6ae6
                                                                                                          0x00000000
                                                                                                          0x02bb6a32
                                                                                                          0x02bb6a38
                                                                                                          0x02bb6a7b
                                                                                                          0x02bb6a81
                                                                                                          0x02bb6a88
                                                                                                          0x02bb6a8d
                                                                                                          0x02bb6a8f
                                                                                                          0x02bb6a92
                                                                                                          0x02bb6a95
                                                                                                          0x02bb6a9b
                                                                                                          0x00000000
                                                                                                          0x02bb6a9b
                                                                                                          0x02bb6a3a
                                                                                                          0x02bb6a40
                                                                                                          0x02bb6b45
                                                                                                          0x02bb6b4e
                                                                                                          0x02bb6b59
                                                                                                          0x02bb6b60
                                                                                                          0x02bb6b62
                                                                                                          0x02bb6b64
                                                                                                          0x02bb6b6a
                                                                                                          0x02bb6b6c
                                                                                                          0x02bb6b6c
                                                                                                          0x02bb6b66
                                                                                                          0x02bb6b66
                                                                                                          0x02bb6b68
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb6b68
                                                                                                          0x02bb6b64
                                                                                                          0x02bb6a46
                                                                                                          0x02bb6a4c
                                                                                                          0x00000000
                                                                                                          0x02bb6a52
                                                                                                          0x02bb6a52
                                                                                                          0x00000000
                                                                                                          0x02bb6a52
                                                                                                          0x02bb6a4c
                                                                                                          0x02bb6a40
                                                                                                          0x02bb6a38
                                                                                                          0x02bb6a30
                                                                                                          0x02bb6b6d
                                                                                                          0x02bb6b79
                                                                                                          0x02bb6b79
                                                                                                          0x02bb6b25
                                                                                                          0x02bb6b2a
                                                                                                          0x02bb6b2f
                                                                                                          0x02bb6b32
                                                                                                          0x02bb6b37
                                                                                                          0x02bb6b37
                                                                                                          0x02bb6b37
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: /i$?$ai$w $:$Cq$=
                                                                                                          • API String ID: 0-170593755
                                                                                                          • Opcode ID: 6a76146150763d185147f5716e969069fdfaef2cf1abbd44bbf6199f519e4632
                                                                                                          • Instruction ID: dbc2b9732c945ef97e67b218ea2eae84e9e7311c2a5bfd00e83b64c33e98b78d
                                                                                                          • Opcode Fuzzy Hash: 6a76146150763d185147f5716e969069fdfaef2cf1abbd44bbf6199f519e4632
                                                                                                          • Instruction Fuzzy Hash: A5B12E728083809FC369CF64C58A95BFBF5BBD5748F108A1DF5A9A6220D3B58949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC4A66, Relevance: 7.8, Strings: 6, Instructions: 269COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02BC4A66() {
				char _v520;
				intOrPtr _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				void* _t271;
				void* _t272;
				intOrPtr _t277;
				intOrPtr _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t289;
				intOrPtr _t294;
				intOrPtr _t311;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				intOrPtr _t325;
				signed int* _t327;
				void* _t330;

				_t327 =  &_v640;
				_v532 = 0x9eda53;
				_v528 = 0x2697e4;
				_t289 = 0xd8634eb;
				_t325 = 0;
				_v524 = 0;
				_v580 = 0x257a8f;
				_v580 = _v580 + 0xffff0a69;
				_t317 = 0x46;
				_v580 = _v580 / _t317;
				_v580 = _v580 ^ 0x00008592;
				_v556 = 0x213626;
				_t16 =  &_v556; // 0x213626
				_t318 = 0x3f;
				_v556 =  *_t16 * 0x37;
				_v556 = _v556 ^ 0x0722a203;
				_v564 = 0xc854a8;
				_v564 = _v564 >> 0xd;
				_v564 = _v564 ^ 0x000f067d;
				_v568 = 0x3071d1;
				_v568 = _v568 + 0xffff48c8;
				_v568 = _v568 ^ 0x002621f6;
				_v548 = 0x47fca2;
				_v548 = _v548 ^ 0x7cca96d7;
				_v548 = _v548 ^ 0x7c82555f;
				_v624 = 0xc0bc8e;
				_v624 = _v624 | 0x773eab6a;
				_v624 = _v624 + 0x32c;
				_v624 = _v624 + 0xe315;
				_v624 = _v624 ^ 0x77fb7a9a;
				_v544 = 0x592636;
				_v544 = _v544 << 0xb;
				_v544 = _v544 ^ 0xc9333252;
				_v572 = 0x38b1a;
				_v572 = _v572 ^ 0xe2d962db;
				_v572 = _v572 ^ 0xe2dfc1be;
				_v592 = 0x205e14;
				_v592 = _v592 + 0xffffa7ef;
				_v592 = _v592 + 0xffff7efd;
				_v592 = _v592 ^ 0x001a340d;
				_v540 = 0xa56fb;
				_v540 = _v540 ^ 0x6fafefe0;
				_v540 = _v540 ^ 0x6fae5e5f;
				_v616 = 0x18df03;
				_v616 = _v616 >> 6;
				_v616 = _v616 + 0x4bd4;
				_v616 = _v616 * 0xb;
				_v616 = _v616 ^ 0x000ee45e;
				_v632 = 0xf97e7d;
				_v632 = _v632 >> 0xe;
				_v632 = _v632 << 1;
				_v632 = _v632 >> 8;
				_v632 = _v632 ^ 0x0007c205;
				_v588 = 0x1ac705;
				_v588 = _v588 >> 0xe;
				_v588 = _v588 | 0x5b484d5d;
				_v588 = _v588 ^ 0x5b49b1bf;
				_v608 = 0xcfa712;
				_v608 = _v608 << 0xb;
				_v608 = _v608 + 0xffff02b3;
				_v608 = _v608 / _t318;
				_v608 = _v608 ^ 0x01ff3be8;
				_v600 = 0x40b8c7;
				_v600 = _v600 >> 0xe;
				_v600 = _v600 + 0xffff3f18;
				_v600 = _v600 ^ 0xffff31b4;
				_v560 = 0xb86873;
				_v560 = _v560 * 0x79;
				_v560 = _v560 ^ 0x572fdc31;
				_v596 = 0x3e642a;
				_t319 = 0x51;
				_v596 = _v596 / _t319;
				_t320 = 0x15;
				_v596 = _v596 / _t320;
				_v596 = _v596 ^ 0x00087e57;
				_v636 = 0x2d2a20;
				_t132 =  &_v636; // 0x2d2a20
				_t321 = 0x64;
				_v636 =  *_t132 * 0x60;
				_v636 = _v636 + 0xd33d;
				_v636 = _v636 << 5;
				_v636 = _v636 ^ 0x1e1aa121;
				_v640 = 0xb10dcc;
				_v640 = _v640 | 0xc382035c;
				_v640 = _v640 << 7;
				_v640 = _v640 | 0x409aa621;
				_v640 = _v640 ^ 0xd99a11e4;
				_v584 = 0xf23298;
				_v584 = _v584 / _t321;
				_v584 = _v584 << 0xa;
				_v584 = _v584 ^ 0x09bffa87;
				_v620 = 0xffd84f;
				_v620 = _v620 + 0x561c;
				_v620 = _v620 + 0x86f;
				_v620 = _v620 ^ 0xc18b30ac;
				_v620 = _v620 ^ 0xc08b73c8;
				_v628 = 0x373ddb;
				_v628 = _v628 | 0x384c5e9f;
				_v628 = _v628 >> 0xc;
				_v628 = _v628 + 0xc32f;
				_v628 = _v628 ^ 0x000038bb;
				_v604 = 0xfde248;
				_v604 = _v604 + 0xffff394c;
				_t322 = 0x71;
				_v604 = _v604 * 0xa;
				_v604 = _v604 ^ 0x90dc5ac9;
				_v604 = _v604 ^ 0x99310c60;
				_v576 = 0xeb2acc;
				_v576 = _v576 / _t322;
				_v576 = _v576 >> 0xf;
				_v576 = _v576 ^ 0x000b47a1;
				_v612 = 0xe0e237;
				_t199 =  &_v612; // 0xe0e237
				_t323 = 0x22;
				_v612 =  *_t199 * 0x63;
				_v612 = _v612 << 0xf;
				_v612 = _v612 + 0xffff9396;
				_v612 = _v612 ^ 0xbdacf125;
				_v552 = 0xa3e3d4;
				_t324 = _v536;
				_v552 = _v552 / _t323;
				_v552 = _v552 ^ 0x00068221;
				goto L1;
				do {
					while(1) {
						L1:
						_t330 = _t289 - 0xa9836df;
						if(_t330 > 0) {
							break;
						}
						if(_t330 == 0) {
							E02BB3046(_v616, _v632, _v588, _t324, _v608);
							_t327 =  &(_t327[3]);
							L12:
							_t289 = 0xc26911c;
							continue;
						}
						if(_t289 == 0x7276a71) {
							_v536 = _v580;
							goto L12;
						}
						if(_t289 == 0x85778ce) {
							E02BC07F4();
							_t289 = 0x9029ee2;
							continue;
						}
						if(_t289 == 0x9029ee2) {
							E02BD0DB1(_v584,  &_v520, __eflags, _v620, _t289, _v628);
							_t283 = E02BBEFE1(_v576, _v612, _v552,  &_v520);
							_t294 =  *0x2bd6214; // 0x0
							 *((intOrPtr*)(_t294 + 4)) = _t283;
							L23:
							return _t325;
						}
						if(_t289 != 0x9959e7d) {
							goto L20;
						}
						_t285 = E02BCE8B6(_t289, _v572, _v592, _t289, _v564, _v540);
						_t324 = _t285;
						_t327 =  &(_t327[4]);
						if(_t285 == 0) {
							_t289 = 0x7276a71;
						} else {
							_t287 =  *0x2bd6214; // 0x0
							 *((intOrPtr*)(_t287 + 0x20)) = 1;
							_t289 = 0xdb6aac8;
						}
					}
					__eflags = _t289 - 0xc26911c;
					if(_t289 == 0xc26911c) {
						_t311 =  *0x2bd6214; // 0x0
						_t271 = E02BB1A34(_v600, _t311 + 0x34, _t289, _t289, _v560, _v596, _v636, _t289, _v536, _v640);
						_t327 =  &(_t327[8]);
						_t289 = 0x85778ce;
						__eflags = _t271;
						_t272 = 1;
						_t325 =  ==  ? _t272 : _t325;
						goto L20;
					}
					__eflags = _t289 - 0xd8634eb;
					if(_t289 == 0xd8634eb) {
						_push(_t289);
						_push(_t289);
						_t277 = E02BBC5D8(0x444);
						_t327 =  &(_t327[3]);
						 *0x2bd6214 = _t277;
						_t289 = 0x9959e7d;
						goto L1;
					}
					__eflags = _t289 - 0xdb6aac8;
					if(__eflags != 0) {
						goto L20;
					}
					_t289 = 0xa9836df;
					_v536 = _v556;
					goto L1;
					L20:
					__eflags = _t289 - 0xdb6d293;
				} while (__eflags != 0);
				goto L23;
			}





















































                                                                                                          0x02bc4a66
                                                                                                          0x02bc4a6c
                                                                                                          0x02bc4a76
                                                                                                          0x02bc4a7e
                                                                                                          0x02bc4a86
                                                                                                          0x02bc4a88
                                                                                                          0x02bc4a8f
                                                                                                          0x02bc4a97
                                                                                                          0x02bc4aa6
                                                                                                          0x02bc4aab
                                                                                                          0x02bc4ab1
                                                                                                          0x02bc4ab9
                                                                                                          0x02bc4ac1
                                                                                                          0x02bc4ac6
                                                                                                          0x02bc4ac7
                                                                                                          0x02bc4acb
                                                                                                          0x02bc4ad3
                                                                                                          0x02bc4adb
                                                                                                          0x02bc4ae0
                                                                                                          0x02bc4ae8
                                                                                                          0x02bc4af0
                                                                                                          0x02bc4af8
                                                                                                          0x02bc4b00
                                                                                                          0x02bc4b08
                                                                                                          0x02bc4b10
                                                                                                          0x02bc4b18
                                                                                                          0x02bc4b20
                                                                                                          0x02bc4b28
                                                                                                          0x02bc4b30
                                                                                                          0x02bc4b38
                                                                                                          0x02bc4b40
                                                                                                          0x02bc4b48
                                                                                                          0x02bc4b4d
                                                                                                          0x02bc4b55
                                                                                                          0x02bc4b5d
                                                                                                          0x02bc4b65
                                                                                                          0x02bc4b6d
                                                                                                          0x02bc4b75
                                                                                                          0x02bc4b7d
                                                                                                          0x02bc4b85
                                                                                                          0x02bc4b8d
                                                                                                          0x02bc4b95
                                                                                                          0x02bc4b9d
                                                                                                          0x02bc4ba5
                                                                                                          0x02bc4bad
                                                                                                          0x02bc4bb2
                                                                                                          0x02bc4bbf
                                                                                                          0x02bc4bc3
                                                                                                          0x02bc4bcb
                                                                                                          0x02bc4bd3
                                                                                                          0x02bc4bd8
                                                                                                          0x02bc4bdc
                                                                                                          0x02bc4be1
                                                                                                          0x02bc4be9
                                                                                                          0x02bc4bf1
                                                                                                          0x02bc4bf6
                                                                                                          0x02bc4bfe
                                                                                                          0x02bc4c06
                                                                                                          0x02bc4c0e
                                                                                                          0x02bc4c13
                                                                                                          0x02bc4c21
                                                                                                          0x02bc4c25
                                                                                                          0x02bc4c2d
                                                                                                          0x02bc4c35
                                                                                                          0x02bc4c3a
                                                                                                          0x02bc4c42
                                                                                                          0x02bc4c4a
                                                                                                          0x02bc4c57
                                                                                                          0x02bc4c5b
                                                                                                          0x02bc4c65
                                                                                                          0x02bc4c7d
                                                                                                          0x02bc4c82
                                                                                                          0x02bc4c8c
                                                                                                          0x02bc4c91
                                                                                                          0x02bc4c97
                                                                                                          0x02bc4c9f
                                                                                                          0x02bc4ca7
                                                                                                          0x02bc4cac
                                                                                                          0x02bc4caf
                                                                                                          0x02bc4cb3
                                                                                                          0x02bc4cbb
                                                                                                          0x02bc4cc0
                                                                                                          0x02bc4cc8
                                                                                                          0x02bc4cd0
                                                                                                          0x02bc4cd8
                                                                                                          0x02bc4cdd
                                                                                                          0x02bc4ce5
                                                                                                          0x02bc4ced
                                                                                                          0x02bc4cfd
                                                                                                          0x02bc4d01
                                                                                                          0x02bc4d06
                                                                                                          0x02bc4d0e
                                                                                                          0x02bc4d16
                                                                                                          0x02bc4d1e
                                                                                                          0x02bc4d26
                                                                                                          0x02bc4d2e
                                                                                                          0x02bc4d36
                                                                                                          0x02bc4d3e
                                                                                                          0x02bc4d46
                                                                                                          0x02bc4d4b
                                                                                                          0x02bc4d53
                                                                                                          0x02bc4d5b
                                                                                                          0x02bc4d63
                                                                                                          0x02bc4d70
                                                                                                          0x02bc4d73
                                                                                                          0x02bc4d77
                                                                                                          0x02bc4d7f
                                                                                                          0x02bc4d87
                                                                                                          0x02bc4d97
                                                                                                          0x02bc4d9b
                                                                                                          0x02bc4da0
                                                                                                          0x02bc4da8
                                                                                                          0x02bc4db0
                                                                                                          0x02bc4db5
                                                                                                          0x02bc4db6
                                                                                                          0x02bc4dba
                                                                                                          0x02bc4dbf
                                                                                                          0x02bc4dc7
                                                                                                          0x02bc4dcf
                                                                                                          0x02bc4ddd
                                                                                                          0x02bc4de1
                                                                                                          0x02bc4de5
                                                                                                          0x02bc4de5
                                                                                                          0x02bc4ded
                                                                                                          0x02bc4ded
                                                                                                          0x02bc4ded
                                                                                                          0x02bc4ded
                                                                                                          0x02bc4def
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc4df5
                                                                                                          0x02bc4e83
                                                                                                          0x02bc4e88
                                                                                                          0x02bc4e6b
                                                                                                          0x02bc4e6b
                                                                                                          0x00000000
                                                                                                          0x02bc4e6b
                                                                                                          0x02bc4dfd
                                                                                                          0x02bc4e67
                                                                                                          0x00000000
                                                                                                          0x02bc4e67
                                                                                                          0x02bc4e05
                                                                                                          0x02bc4e57
                                                                                                          0x02bc4e5c
                                                                                                          0x00000000
                                                                                                          0x02bc4e5c
                                                                                                          0x02bc4e0d
                                                                                                          0x02bc4f39
                                                                                                          0x02bc4f56
                                                                                                          0x02bc4f5b
                                                                                                          0x02bc4f64
                                                                                                          0x02bc4f68
                                                                                                          0x02bc4f73
                                                                                                          0x02bc4f73
                                                                                                          0x02bc4e19
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc4e30
                                                                                                          0x02bc4e35
                                                                                                          0x02bc4e37
                                                                                                          0x02bc4e3c
                                                                                                          0x02bc4e50
                                                                                                          0x02bc4e3e
                                                                                                          0x02bc4e3e
                                                                                                          0x02bc4e46
                                                                                                          0x02bc4e49
                                                                                                          0x02bc4e49
                                                                                                          0x02bc4e3c
                                                                                                          0x02bc4e8d
                                                                                                          0x02bc4e8f
                                                                                                          0x02bc4ef3
                                                                                                          0x02bc4f02
                                                                                                          0x02bc4f07
                                                                                                          0x02bc4f0a
                                                                                                          0x02bc4f0f
                                                                                                          0x02bc4f13
                                                                                                          0x02bc4f14
                                                                                                          0x00000000
                                                                                                          0x02bc4f14
                                                                                                          0x02bc4e91
                                                                                                          0x02bc4e97
                                                                                                          0x02bc4ec0
                                                                                                          0x02bc4ec1
                                                                                                          0x02bc4ec7
                                                                                                          0x02bc4ecc
                                                                                                          0x02bc4ecf
                                                                                                          0x02bc4ed4
                                                                                                          0x00000000
                                                                                                          0x02bc4ed4
                                                                                                          0x02bc4e99
                                                                                                          0x02bc4e9f
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc4ea5
                                                                                                          0x02bc4ea7
                                                                                                          0x00000000
                                                                                                          0x02bc4f17
                                                                                                          0x02bc4f17
                                                                                                          0x02bc4f17
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: *-$&6!$*d>$6&Y$7$]MH[
                                                                                                          • API String ID: 0-1885758756
                                                                                                          • Opcode ID: 27724164aa29f80d0127e3f3ecf70ca1326a5e485ec69b3e172462faa901ab8a
                                                                                                          • Instruction ID: b26493c2b23dea2b5cbe28b27b7d51c4b49c021b3a829a4446b602c56bb39fb1
                                                                                                          • Opcode Fuzzy Hash: 27724164aa29f80d0127e3f3ecf70ca1326a5e485ec69b3e172462faa901ab8a
                                                                                                          • Instruction Fuzzy Hash: B6D121B15083819FD368CF65D58981BFBF1FBC4758F208A1DF2968A260D3B58A49CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCCCD9, Relevance: 7.7, Strings: 6, Instructions: 227COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 99%
                                                                                                          			E02BCCCD9(void* __ecx, void* __edx) {
				signed int _v4;
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				void* _t242;
				intOrPtr _t243;
				intOrPtr _t244;
				void* _t248;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				void* _t282;
				void* _t283;
				signed int _t285;
				signed int* _t287;
				signed int* _t288;

				_t287 =  &_v100;
				_v4 = _v4 & 0x00000000;
				_v8 = 0x71e8b0;
				_v36 = 0x18cf5b;
				_v36 = _v36 + 0x6698;
				_v36 = _v36 ^ 0x001a117a;
				_v60 = 0xa2890;
				_t282 = __edx;
				_t248 = __ecx;
				_t283 = 0x72ed85;
				_t250 = 0x42;
				_v60 = _v60 / _t250;
				_v60 = _v60 ^ 0xe73bacde;
				_v60 = _v60 ^ 0xe73fbe74;
				_v40 = 0x9c8291;
				_t251 = 0x70;
				_v40 = _v40 / _t251;
				_v40 = _v40 ^ 0x000cc374;
				_v64 = 0xa8df6e;
				_t252 = 0x66;
				_v64 = _v64 * 0x5a;
				_v64 = _v64 | 0x6df616d5;
				_v64 = _v64 ^ 0x7ff9e958;
				_v88 = 0xc174cb;
				_v88 = _v88 ^ 0xe7b64a13;
				_v88 = _v88 ^ 0xc84137a7;
				_v88 = _v88 << 0xc;
				_v88 = _v88 ^ 0x60915aca;
				_v32 = 0x752193;
				_v32 = _v32 * 0x3f;
				_v32 = _v32 ^ 0x1cda7702;
				_v92 = 0x141833;
				_v92 = _v92 + 0xffffc8f8;
				_v92 = _v92 + 0xf362;
				_v92 = _v92 << 0x10;
				_v92 = _v92 ^ 0xd48431d2;
				_v96 = 0xc34044;
				_v96 = _v96 << 8;
				_v96 = _v96 + 0xffff536d;
				_v96 = _v96 + 0x5d23;
				_v96 = _v96 ^ 0xc334c852;
				_v20 = 0x3a6348;
				_v20 = _v20 << 0x10;
				_v20 = _v20 ^ 0x6343ca6d;
				_v56 = 0x49cd71;
				_v56 = _v56 ^ 0x72d9145f;
				_v56 = _v56 + 0x4f98;
				_v56 = _v56 ^ 0x7290366b;
				_v24 = 0x3bf83a;
				_v24 = _v24 << 9;
				_v24 = _v24 ^ 0x77f6a760;
				_v28 = 0x632842;
				_v28 = _v28 + 0xffffe69b;
				_v28 = _v28 ^ 0x006ee443;
				_v48 = 0x4b2ed5;
				_v48 = _v48 ^ 0x82c7a85b;
				_v48 = _v48 + 0xffff7c4b;
				_v48 = _v48 ^ 0x8282f052;
				_v52 = 0x4c7b52;
				_v52 = _v52 + 0xffffbc1f;
				_v52 = _v52 + 0x2e12;
				_v52 = _v52 ^ 0x004752b1;
				_v16 = 0x3a13fc;
				_v16 = _v16 / _t252;
				_v16 = _v16 ^ 0x00081e0d;
				_v84 = 0x8573c6;
				_t253 = 0x4b;
				_v84 = _v84 / _t253;
				_v84 = _v84 | 0x42242f90;
				_v84 = _v84 >> 0xc;
				_v84 = _v84 ^ 0x00008b33;
				_v100 = 0x3509ce;
				_t254 = 0x19;
				_v100 = _v100 / _t254;
				_t285 = 0x44;
				_t255 = 0x6f;
				_v100 = _v100 * 0x31;
				_v100 = _v100 + 0x6b64;
				_v100 = _v100 ^ 0x006714bf;
				_v68 = 0x65eeb7;
				_v68 = _v68 + 0x24bd;
				_v68 = _v68 << 7;
				_v68 = _v68 ^ 0x330bb4b3;
				_v72 = 0x31388d;
				_v72 = _v72 * 0x77;
				_v72 = _v72 / _t285;
				_v72 = _v72 ^ 0x00560572;
				_v76 = 0x10ecc2;
				_v76 = _v76 | 0x28471304;
				_v76 = _v76 + 0xcdda;
				_v76 = _v76 ^ 0x285661a5;
				_v44 = 0xf32c83;
				_v44 = _v44 / _t255;
				_v44 = _v44 / _t285;
				_v44 = _v44 ^ 0x000ff213;
				_v80 = 0xb9f4a0;
				_v80 = _v80 << 0xa;
				_v80 = _v80 + 0xd38f;
				_v80 = _v80 >> 8;
				_v80 = _v80 ^ 0x00ede5ae;
				_v12 = 0x138f30;
				_v12 = _v12 ^ 0xf49e1969;
				_v12 = _v12 ^ 0xf48aec3a;
				while(1) {
					L1:
					_t242 = 0xd8fe181;
					do {
						L2:
						while(_t283 != 0x72ed85) {
							if(_t283 == 0xb6c7232) {
								_t278 = _v52;
								_t255 = _v48;
								_t243 = E02BD1005(_v48, _v52, _v16, _v84,  *((intOrPtr*)(_t282 + 0x38)));
								_t287 =  &(_t287[3]);
								 *((intOrPtr*)(_t282 + 0x2c)) = _t243;
								__eflags = _t243;
								_t242 = 0xd8fe181;
								_t283 =  !=  ? 0xd8fe181 : 0xd6f812a;
								continue;
							}
							if(_t283 == 0xc5020c9) {
								_push(_v64);
								_t244 = E02BD3263(_v36, _v60, __eflags, _t248, _v40, _t255);
								_t288 =  &(_t287[4]);
								 *((intOrPtr*)(_t282 + 0x38)) = _t244;
								__eflags = _t244;
								if(_t244 != 0) {
									E02BD148A(_t244, _t244, _v88, _v32, _v92, _v96);
									_t278 = _v56;
									_t255 = _v20;
									E02BBE2BD(_v56, _v24,  *((intOrPtr*)(_t282 + 0x38)), _v28);
									_t287 =  &(_t288[7]);
									_t283 = 0xb6c7232;
									goto L1;
								}
							} else {
								if(_t283 == 0xd6f812a) {
									return E02BBF0E9(_v44,  *((intOrPtr*)(_t282 + 0x38)), _v80, _v12);
								}
								if(_t283 != _t242) {
									goto L13;
								} else {
									_t244 = E02BC0EBC(_v100, _t278, _v68, _v100, _v72, _v76, _v100, _t255, _t282, E02BD25F1);
									_t287 =  &(_t287[8]);
									 *((intOrPtr*)(_t282 + 0x48)) = _t244;
									if(_t244 == 0) {
										_t283 = 0xd6f812a;
										while(1) {
											L1:
											_t242 = 0xd8fe181;
											goto L2;
										}
									}
								}
							}
							return _t244;
						}
						_t283 = 0xc5020c9;
						L13:
						__eflags = _t283 - 0x11d9bb5;
					} while (__eflags != 0);
					return _t242;
				}
			}










































                                                                                                          0x02bcccd9
                                                                                                          0x02bcccdc
                                                                                                          0x02bccce1
                                                                                                          0x02bccce9
                                                                                                          0x02bcccf1
                                                                                                          0x02bcccf9
                                                                                                          0x02bccd01
                                                                                                          0x02bccd11
                                                                                                          0x02bccd13
                                                                                                          0x02bccd19
                                                                                                          0x02bccd1e
                                                                                                          0x02bccd23
                                                                                                          0x02bccd29
                                                                                                          0x02bccd31
                                                                                                          0x02bccd39
                                                                                                          0x02bccd45
                                                                                                          0x02bccd4a
                                                                                                          0x02bccd50
                                                                                                          0x02bccd58
                                                                                                          0x02bccd65
                                                                                                          0x02bccd66
                                                                                                          0x02bccd6a
                                                                                                          0x02bccd72
                                                                                                          0x02bccd7a
                                                                                                          0x02bccd82
                                                                                                          0x02bccd8a
                                                                                                          0x02bccd92
                                                                                                          0x02bccd97
                                                                                                          0x02bccd9f
                                                                                                          0x02bccdac
                                                                                                          0x02bccdb0
                                                                                                          0x02bccdb8
                                                                                                          0x02bccdc0
                                                                                                          0x02bccdc8
                                                                                                          0x02bccdd0
                                                                                                          0x02bccdd5
                                                                                                          0x02bccddd
                                                                                                          0x02bccde5
                                                                                                          0x02bccdea
                                                                                                          0x02bccdf2
                                                                                                          0x02bccdfa
                                                                                                          0x02bcce02
                                                                                                          0x02bcce0a
                                                                                                          0x02bcce0f
                                                                                                          0x02bcce17
                                                                                                          0x02bcce1f
                                                                                                          0x02bcce27
                                                                                                          0x02bcce2f
                                                                                                          0x02bcce37
                                                                                                          0x02bcce3f
                                                                                                          0x02bcce44
                                                                                                          0x02bcce4c
                                                                                                          0x02bcce54
                                                                                                          0x02bcce5c
                                                                                                          0x02bcce64
                                                                                                          0x02bcce6c
                                                                                                          0x02bcce74
                                                                                                          0x02bcce7c
                                                                                                          0x02bcce84
                                                                                                          0x02bcce8c
                                                                                                          0x02bcce94
                                                                                                          0x02bcce9c
                                                                                                          0x02bccea4
                                                                                                          0x02bcceb2
                                                                                                          0x02bcceb6
                                                                                                          0x02bccec0
                                                                                                          0x02bccece
                                                                                                          0x02bcced3
                                                                                                          0x02bcced7
                                                                                                          0x02bccedf
                                                                                                          0x02bccee4
                                                                                                          0x02bcceec
                                                                                                          0x02bccefa
                                                                                                          0x02bcceff
                                                                                                          0x02bccf0a
                                                                                                          0x02bccf0d
                                                                                                          0x02bccf0e
                                                                                                          0x02bccf12
                                                                                                          0x02bccf1a
                                                                                                          0x02bccf22
                                                                                                          0x02bccf2a
                                                                                                          0x02bccf32
                                                                                                          0x02bccf37
                                                                                                          0x02bccf3f
                                                                                                          0x02bccf4c
                                                                                                          0x02bccf58
                                                                                                          0x02bccf5c
                                                                                                          0x02bccf64
                                                                                                          0x02bccf6c
                                                                                                          0x02bccf74
                                                                                                          0x02bccf7c
                                                                                                          0x02bccf84
                                                                                                          0x02bccf94
                                                                                                          0x02bccfa3
                                                                                                          0x02bccfa7
                                                                                                          0x02bccfaf
                                                                                                          0x02bccfb7
                                                                                                          0x02bccfbc
                                                                                                          0x02bccfc4
                                                                                                          0x02bccfc9
                                                                                                          0x02bccfd1
                                                                                                          0x02bccfd9
                                                                                                          0x02bccfe1
                                                                                                          0x02bccfe9
                                                                                                          0x02bccfe9
                                                                                                          0x02bccfe9
                                                                                                          0x02bccfee
                                                                                                          0x00000000
                                                                                                          0x02bccfee
                                                                                                          0x02bcd000
                                                                                                          0x02bcd0bc
                                                                                                          0x02bcd0c0
                                                                                                          0x02bcd0c4
                                                                                                          0x02bcd0c9
                                                                                                          0x02bcd0cc
                                                                                                          0x02bcd0cf
                                                                                                          0x02bcd0d3
                                                                                                          0x02bcd0d8
                                                                                                          0x00000000
                                                                                                          0x02bcd0d8
                                                                                                          0x02bcd00c
                                                                                                          0x02bcd04e
                                                                                                          0x02bcd060
                                                                                                          0x02bcd065
                                                                                                          0x02bcd068
                                                                                                          0x02bcd06b
                                                                                                          0x02bcd06d
                                                                                                          0x02bcd087
                                                                                                          0x02bcd097
                                                                                                          0x02bcd09b
                                                                                                          0x02bcd09f
                                                                                                          0x02bcd0a4
                                                                                                          0x02bcd0a7
                                                                                                          0x00000000
                                                                                                          0x02bcd0a7
                                                                                                          0x02bcd00e
                                                                                                          0x02bcd010
                                                                                                          0x00000000
                                                                                                          0x02bcd108
                                                                                                          0x02bcd018
                                                                                                          0x00000000
                                                                                                          0x02bcd01e
                                                                                                          0x02bcd037
                                                                                                          0x02bcd03c
                                                                                                          0x02bcd03f
                                                                                                          0x02bcd044
                                                                                                          0x02bcd04a
                                                                                                          0x02bccfe9
                                                                                                          0x02bccfe9
                                                                                                          0x02bccfe9
                                                                                                          0x00000000
                                                                                                          0x02bccfe9
                                                                                                          0x02bccfe9
                                                                                                          0x02bcd044
                                                                                                          0x02bcd018
                                                                                                          0x02bcd110
                                                                                                          0x02bcd110
                                                                                                          0x02bcd0e0
                                                                                                          0x02bcd0e5
                                                                                                          0x02bcd0e5
                                                                                                          0x02bcd0e5
                                                                                                          0x00000000
                                                                                                          0x02bccfee

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #]$$P$Cn$Hc:$R{L$dk
                                                                                                          • API String ID: 0-1551317889
                                                                                                          • Opcode ID: 03aef9399ab41316f51ba1cef641d00c8a1a724afd60375171ad6f0574d330ab
                                                                                                          • Instruction ID: d2bac3bb39b5e79cb18f959b85e14cdcdfabb654dccf96f74e7e24f923052c1f
                                                                                                          • Opcode Fuzzy Hash: 03aef9399ab41316f51ba1cef641d00c8a1a724afd60375171ad6f0574d330ab
                                                                                                          • Instruction Fuzzy Hash: 7AB151B29083419FD358CF29C54941BFBE2FBC8758F108A2DF59996260D3B5CA49CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBF369, Relevance: 7.7, Strings: 6, Instructions: 211COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02BBF369(void* __ecx) {
				void* _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				void* _t198;
				void* _t199;
				void* _t202;
				void* _t207;
				void* _t210;
				void* _t213;
				void* _t214;
				void* _t216;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				void* _t241;
				signed int* _t243;
				void* _t246;

				_t243 =  &_v88;
				_v16 = 0x3949c2;
				asm("stosd");
				_t214 = __ecx;
				_t241 = 0;
				_t216 = 0x68b8c0f;
				asm("stosd");
				asm("stosd");
				_v76 = 0x201aab;
				_t234 = 0x76;
				_v76 = _v76 / _t234;
				_v76 = _v76 + 0xe408;
				_t235 = 0xc;
				_v76 = _v76 * 0x38;
				_v76 = _v76 ^ 0x004fdd99;
				_v44 = 0xd502f1;
				_v44 = _v44 | 0x910f8184;
				_v44 = _v44 / _t235;
				_v44 = _v44 ^ 0x0c2ba140;
				_v48 = 0xe41bd4;
				_v48 = _v48 ^ 0x89eac382;
				_t236 = 0x67;
				_v48 = _v48 / _t236;
				_v48 = _v48 ^ 0x015e526e;
				_v24 = 0xf49d06;
				_v24 = _v24 | 0x486b4754;
				_v24 = _v24 ^ 0x48f37dd9;
				_v88 = 0xd25a8e;
				_v88 = _v88 ^ 0x0de03e2c;
				_v88 = _v88 >> 8;
				_t237 = 0x57;
				_v88 = _v88 / _t237;
				_v88 = _v88 ^ 0x00057327;
				_v32 = 0x480afd;
				_v32 = _v32 ^ 0x00453f61;
				_v60 = 0x165baf;
				_v60 = _v60 << 0xa;
				_v60 = _v60 ^ 0xd8cf9c31;
				_v60 = _v60 ^ 0x81a5172b;
				_v84 = 0x2fcd58;
				_v84 = _v84 + 0x335f;
				_v84 = _v84 + 0xffff6358;
				_v84 = _v84 << 9;
				_v84 = _v84 ^ 0x5ec42bb0;
				_v40 = 0xbc2783;
				_v40 = _v40 + 0xffff2ae1;
				_t238 = 0xa;
				_v40 = _v40 * 0x5e;
				_v40 = _v40 ^ 0x44c8bdaa;
				_v72 = 0xc9404f;
				_v72 = _v72 | 0xfaaf7fa5;
				_v72 = _v72 / _t238;
				_v72 = _v72 >> 0xc;
				_v72 = _v72 ^ 0x000be8dc;
				_v56 = 0xcb8585;
				_v56 = _v56 >> 6;
				_v56 = _v56 ^ 0xa4d175a3;
				_v56 = _v56 ^ 0xa4d4e9a5;
				_v28 = 0xfbd7ad;
				_v28 = _v28 + 0xffffc7a7;
				_v28 = _v28 ^ 0x00f429b0;
				_v80 = 0x6cf7c4;
				_v80 = _v80 << 0xb;
				_v80 = _v80 ^ 0xc9851cf7;
				_v80 = _v80 + 0xe116;
				_v80 = _v80 ^ 0xae3f2149;
				_v52 = 0xd995b1;
				_v52 = _v52 + 0x112b;
				_v52 = _v52 + 0xffff70e0;
				_v52 = _v52 ^ 0x00d4086e;
				_v64 = 0x3e6f55;
				_v64 = _v64 ^ 0x64233eb3;
				_v64 = _v64 + 0xfffff8c9;
				_v64 = _v64 + 0xffffb5e5;
				_v64 = _v64 ^ 0x64179829;
				_v68 = 0x30eb6c;
				_t239 = 0x37;
				_v68 = _v68 / _t239;
				_v68 = _v68 + 0xffffeee1;
				_v68 = _v68 >> 0xa;
				_v68 = _v68 ^ 0x000816d3;
				_v20 = 0x71a516;
				_v20 = _v20 | 0x2f4429e5;
				_v20 = _v20 ^ 0x2f784372;
				_v36 = 0xda1832;
				_v36 = _v36 * 0x4c;
				_v36 = _v36 + 0xffff5a89;
				_v36 = _v36 ^ 0x40b976b8;
				goto L1;
				do {
					while(1) {
						L1:
						_t246 = _t216 - 0x68b8c0f;
						if(_t246 > 0) {
							break;
						}
						if(_t246 == 0) {
							_t216 = 0xe6264d6;
							continue;
						} else {
							if(_t216 == 0x8a1c17) {
								_push(_t216);
								_t202 = E02BC07F0();
								_t243 =  &(_t243[1]);
								_t216 = 0xf218af8;
								_t241 = _t241 + _t202;
								continue;
							} else {
								if(_t216 == 0x50fe579) {
									_t241 = _t241 + E02BCBE8C(_t214 + 0x2c, _v64, _v68, _v20, _v36);
								} else {
									if(_t216 == 0x530d654) {
										_push(_t216);
										_t207 = E02BC07F0();
										_t243 =  &(_t243[1]);
										_t216 = 0x8a5806a;
										_t241 = _t241 + _t207;
										continue;
									} else {
										if(_t216 != 0x5e83455) {
											goto L17;
										} else {
											_push(_t216);
											_t210 = E02BC07F0();
											_t243 =  &(_t243[1]);
											_t216 = 0x530d654;
											_t241 = _t241 + _t210;
											continue;
										}
									}
								}
							}
						}
						L20:
						return _t241;
					}
					if(_t216 == 0x8a5806a) {
						_push(_t216);
						_t198 = E02BC07F0();
						_t243 =  &(_t243[1]);
						_t216 = 0x8a1c17;
						_t241 = _t241 + _t198;
						goto L17;
					} else {
						if(_t216 == 0xe6264d6) {
							_t199 = E02BCBE8C(_t214 + 0x4c, _v76, _v44, _v48, _v24);
							_t243 =  &(_t243[3]);
							_t216 = 0x5e83455;
							_t241 = _t241 + _t199;
							goto L1;
						} else {
							if(_t216 != 0xf218af8) {
								goto L17;
							} else {
								_push(_t216);
								_t213 = E02BC07F0();
								_t243 =  &(_t243[1]);
								_t216 = 0x50fe579;
								_t241 = _t241 + _t213;
								goto L1;
							}
						}
					}
					goto L20;
					L17:
				} while (_t216 != 0x3fc4e73);
				goto L20;
			}








































                                                                                                          0x02bbf369
                                                                                                          0x02bbf36c
                                                                                                          0x02bbf380
                                                                                                          0x02bbf388
                                                                                                          0x02bbf38a
                                                                                                          0x02bbf38c
                                                                                                          0x02bbf38e
                                                                                                          0x02bbf38f
                                                                                                          0x02bbf390
                                                                                                          0x02bbf39c
                                                                                                          0x02bbf3a1
                                                                                                          0x02bbf3a7
                                                                                                          0x02bbf3b4
                                                                                                          0x02bbf3b7
                                                                                                          0x02bbf3bb
                                                                                                          0x02bbf3c3
                                                                                                          0x02bbf3cb
                                                                                                          0x02bbf3db
                                                                                                          0x02bbf3df
                                                                                                          0x02bbf3e7
                                                                                                          0x02bbf3ef
                                                                                                          0x02bbf3fb
                                                                                                          0x02bbf400
                                                                                                          0x02bbf406
                                                                                                          0x02bbf40e
                                                                                                          0x02bbf416
                                                                                                          0x02bbf41e
                                                                                                          0x02bbf426
                                                                                                          0x02bbf42e
                                                                                                          0x02bbf436
                                                                                                          0x02bbf43f
                                                                                                          0x02bbf444
                                                                                                          0x02bbf44a
                                                                                                          0x02bbf452
                                                                                                          0x02bbf462
                                                                                                          0x02bbf46a
                                                                                                          0x02bbf472
                                                                                                          0x02bbf477
                                                                                                          0x02bbf47f
                                                                                                          0x02bbf487
                                                                                                          0x02bbf48f
                                                                                                          0x02bbf497
                                                                                                          0x02bbf49f
                                                                                                          0x02bbf4a4
                                                                                                          0x02bbf4ac
                                                                                                          0x02bbf4b4
                                                                                                          0x02bbf4c1
                                                                                                          0x02bbf4c2
                                                                                                          0x02bbf4c6
                                                                                                          0x02bbf4ce
                                                                                                          0x02bbf4d6
                                                                                                          0x02bbf4e4
                                                                                                          0x02bbf4ea
                                                                                                          0x02bbf4ef
                                                                                                          0x02bbf4f7
                                                                                                          0x02bbf4ff
                                                                                                          0x02bbf504
                                                                                                          0x02bbf50c
                                                                                                          0x02bbf514
                                                                                                          0x02bbf51c
                                                                                                          0x02bbf524
                                                                                                          0x02bbf52c
                                                                                                          0x02bbf534
                                                                                                          0x02bbf539
                                                                                                          0x02bbf541
                                                                                                          0x02bbf549
                                                                                                          0x02bbf551
                                                                                                          0x02bbf559
                                                                                                          0x02bbf561
                                                                                                          0x02bbf569
                                                                                                          0x02bbf571
                                                                                                          0x02bbf579
                                                                                                          0x02bbf581
                                                                                                          0x02bbf589
                                                                                                          0x02bbf591
                                                                                                          0x02bbf599
                                                                                                          0x02bbf5a7
                                                                                                          0x02bbf5af
                                                                                                          0x02bbf5b3
                                                                                                          0x02bbf5bb
                                                                                                          0x02bbf5c0
                                                                                                          0x02bbf5c8
                                                                                                          0x02bbf5d0
                                                                                                          0x02bbf5d8
                                                                                                          0x02bbf5e0
                                                                                                          0x02bbf5ed
                                                                                                          0x02bbf5f1
                                                                                                          0x02bbf5f9
                                                                                                          0x02bbf5f9
                                                                                                          0x02bbf601
                                                                                                          0x02bbf601
                                                                                                          0x02bbf601
                                                                                                          0x02bbf601
                                                                                                          0x02bbf603
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bbf605
                                                                                                          0x02bbf67d
                                                                                                          0x00000000
                                                                                                          0x02bbf607
                                                                                                          0x02bbf60d
                                                                                                          0x02bbf66b
                                                                                                          0x02bbf66c
                                                                                                          0x02bbf671
                                                                                                          0x02bbf674
                                                                                                          0x02bbf679
                                                                                                          0x00000000
                                                                                                          0x02bbf60f
                                                                                                          0x02bbf615
                                                                                                          0x02bbf71a
                                                                                                          0x02bbf61b
                                                                                                          0x02bbf621
                                                                                                          0x02bbf651
                                                                                                          0x02bbf652
                                                                                                          0x02bbf657
                                                                                                          0x02bbf65a
                                                                                                          0x02bbf65f
                                                                                                          0x00000000
                                                                                                          0x02bbf623
                                                                                                          0x02bbf629
                                                                                                          0x00000000
                                                                                                          0x02bbf62f
                                                                                                          0x02bbf637
                                                                                                          0x02bbf638
                                                                                                          0x02bbf63d
                                                                                                          0x02bbf640
                                                                                                          0x02bbf645
                                                                                                          0x00000000
                                                                                                          0x02bbf645
                                                                                                          0x02bbf629
                                                                                                          0x02bbf621
                                                                                                          0x02bbf615
                                                                                                          0x02bbf60d
                                                                                                          0x02bbf71d
                                                                                                          0x02bbf725
                                                                                                          0x02bbf725
                                                                                                          0x02bbf687
                                                                                                          0x02bbf6e1
                                                                                                          0x02bbf6e2
                                                                                                          0x02bbf6e7
                                                                                                          0x02bbf6ea
                                                                                                          0x02bbf6ef
                                                                                                          0x00000000
                                                                                                          0x02bbf689
                                                                                                          0x02bbf68b
                                                                                                          0x02bbf6c5
                                                                                                          0x02bbf6ca
                                                                                                          0x02bbf6cd
                                                                                                          0x02bbf6d2
                                                                                                          0x00000000
                                                                                                          0x02bbf68d
                                                                                                          0x02bbf693
                                                                                                          0x00000000
                                                                                                          0x02bbf695
                                                                                                          0x02bbf69d
                                                                                                          0x02bbf69e
                                                                                                          0x02bbf6a3
                                                                                                          0x02bbf6a6
                                                                                                          0x02bbf6ab
                                                                                                          0x00000000
                                                                                                          0x02bbf6ab
                                                                                                          0x02bbf693
                                                                                                          0x02bbf68b
                                                                                                          0x00000000
                                                                                                          0x02bbf6f1
                                                                                                          0x02bbf6f1
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ,>$Uo>$_3$a?E$l0$rCx/
                                                                                                          • API String ID: 0-1805074986
                                                                                                          • Opcode ID: aee53d98fdbd87342a85eaa3d07f56d671f8fcd94221aca7db3dcd7928f6070b
                                                                                                          • Instruction ID: 49ec4f165bc3273a2fbca2649e19e4e5ed060a9f9b96a0a122f1232380021ad7
                                                                                                          • Opcode Fuzzy Hash: aee53d98fdbd87342a85eaa3d07f56d671f8fcd94221aca7db3dcd7928f6070b
                                                                                                          • Instruction Fuzzy Hash: E59132B29083409BC359CF25D88946FBBF1FFD5748F144A2DFA8696260D3B6C908CB42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC8806, Relevance: 7.7, Strings: 6, Instructions: 201COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02BC8806(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				void* _t156;
				void* _t172;
				void* _t174;
				void* _t177;
				void* _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				void* _t189;
				intOrPtr _t216;
				signed int* _t219;

				_t215 = _a8;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t156);
				_v76 = 0x923182;
				_t219 =  &(( &_v140)[4]);
				_v72 = 0xa31cb9;
				_t216 = 0;
				_v68 = 0;
				_v64 = 0;
				_t189 = 0xe0c62fa;
				_v120 = 0x4473bb;
				_t183 = 0x46;
				_v120 = _v120 / _t183;
				_v120 = _v120 << 6;
				_v120 = _v120 ^ 0x003879f9;
				_v100 = 0x40bbdb;
				_t184 = 0x64;
				_v100 = _v100 * 0x13;
				_v100 = _v100 ^ 0x04c6e1a5;
				_v140 = 0x8d0a20;
				_v140 = _v140 * 0x6a;
				_v140 = _v140 + 0x25b5;
				_v140 = _v140 * 0x47;
				_v140 = _v140 ^ 0x32607187;
				_v84 = 0x381a9b;
				_v84 = _v84 + 0xbdad;
				_v84 = _v84 ^ 0x00352eaa;
				_v124 = 0x2aec69;
				_v124 = _v124 | 0x10e7a47b;
				_v124 = _v124 ^ 0x113e433b;
				_v124 = _v124 / _t184;
				_v124 = _v124 ^ 0x000f1a56;
				_v80 = 0x7d6845;
				_v80 = _v80 + 0xffff13df;
				_v80 = _v80 ^ 0x0079135d;
				_v92 = 0x295f3e;
				_v92 = _v92 + 0xbf8d;
				_v92 = _v92 ^ 0x0026878e;
				_v116 = 0x37f4f;
				_v116 = _v116 << 6;
				_v116 = _v116 + 0x3a5c;
				_v116 = _v116 ^ 0x00effc52;
				_v132 = 0xa2ba8e;
				_v132 = _v132 + 0x1d0a;
				_v132 = _v132 | 0x3462f83d;
				_t185 = 0x33;
				_v132 = _v132 * 0x30;
				_v132 = _v132 ^ 0xea8b61c3;
				_v128 = 0xc1a215;
				_v128 = _v128 / _t185;
				_v128 = _v128 | 0x8f52208d;
				_v128 = _v128 + 0x2564;
				_v128 = _v128 ^ 0x8f53844f;
				_v108 = 0x49ebcc;
				_v108 = _v108 * 0x2a;
				_v108 = _v108 ^ 0x0c2cea59;
				_v136 = 0x4a157a;
				_t186 = 0x59;
				_v136 = _v136 / _t186;
				_v136 = _v136 >> 1;
				_v136 = _v136 << 9;
				_v136 = _v136 ^ 0x00dde8e3;
				_v96 = 0x85f352;
				_v96 = _v96 | 0xf8883f30;
				_v96 = _v96 ^ 0xf88ae245;
				_v104 = 0xc8529d;
				_v104 = _v104 >> 8;
				_v104 = _v104 ^ 0x00006ec5;
				_v88 = 0xa01b;
				_v88 = _v88 + 0xf4b;
				_v88 = _v88 ^ 0x0002d8bd;
				_v112 = 0x376510;
				_v112 = _v112 >> 1;
				_v112 = _v112 + 0x6895;
				_v112 = _v112 ^ 0x001ca4c8;
				do {
					while(_t189 != 0x2d570bf) {
						if(_t189 == 0x2e69388) {
							_t174 = E02BD2BF0(_v80,  &_v60, _v92, _v116, _t215 + 0xc);
							_t219 =  &(_t219[3]);
							__eflags = _t174;
							if(__eflags != 0) {
								_t189 = 0xed0c1fc;
								continue;
							}
						} else {
							if(_t189 == 0xa1356c9) {
								_t177 = E02BD2BF0(_v140,  &_v60, _v84, _v124, _t215 + 0x48);
								_t219 =  &(_t219[3]);
								__eflags = _t177;
								if(__eflags != 0) {
									_t189 = 0x2e69388;
									continue;
								}
							} else {
								if(_t189 == 0xd5f0997) {
									__eflags = E02BC9D3E( &_v60, _v88, __eflags, _v112, _t215);
									_t216 =  !=  ? 1 : _t216;
								} else {
									if(_t189 == 0xe0c62fa) {
										_t189 = 0xe1d6fcd;
										continue;
									} else {
										if(_t189 == 0xe1d6fcd) {
											E02BB22A6(_a4, _v120,  &_v60, _v100);
											_t219 =  &(_t219[2]);
											_t189 = 0xa1356c9;
											continue;
										} else {
											if(_t189 != 0xed0c1fc) {
												goto L19;
											} else {
												_t182 = E02BD2BF0(_v132,  &_v60, _v128, _v108, _t215 + 0x1c);
												_t219 =  &(_t219[3]);
												if(_t182 != 0) {
													_t189 = 0x2d570bf;
													continue;
												}
											}
										}
									}
								}
							}
						}
						L22:
						return _t216;
					}
					_t172 = E02BD2BF0(_v136,  &_v60, _v96, _v104, _t215 + 0x3c);
					_t219 =  &(_t219[3]);
					__eflags = _t172;
					if(__eflags == 0) {
						_t189 = 0x63acd9;
						goto L19;
					} else {
						_t189 = 0xd5f0997;
						continue;
					}
					goto L22;
					L19:
					__eflags = _t189 - 0x63acd9;
				} while (__eflags != 0);
				goto L22;
			}




































                                                                                                          0x02bc8810
                                                                                                          0x02bc8817
                                                                                                          0x02bc8818
                                                                                                          0x02bc881f
                                                                                                          0x02bc8820
                                                                                                          0x02bc8821
                                                                                                          0x02bc8826
                                                                                                          0x02bc882e
                                                                                                          0x02bc8831
                                                                                                          0x02bc8839
                                                                                                          0x02bc883b
                                                                                                          0x02bc8841
                                                                                                          0x02bc8845
                                                                                                          0x02bc884a
                                                                                                          0x02bc8858
                                                                                                          0x02bc885d
                                                                                                          0x02bc8863
                                                                                                          0x02bc8868
                                                                                                          0x02bc8870
                                                                                                          0x02bc887d
                                                                                                          0x02bc8880
                                                                                                          0x02bc8884
                                                                                                          0x02bc888c
                                                                                                          0x02bc8899
                                                                                                          0x02bc889d
                                                                                                          0x02bc88aa
                                                                                                          0x02bc88ae
                                                                                                          0x02bc88b6
                                                                                                          0x02bc88be
                                                                                                          0x02bc88c6
                                                                                                          0x02bc88ce
                                                                                                          0x02bc88d6
                                                                                                          0x02bc88de
                                                                                                          0x02bc88ee
                                                                                                          0x02bc88f2
                                                                                                          0x02bc88fa
                                                                                                          0x02bc8902
                                                                                                          0x02bc890a
                                                                                                          0x02bc8912
                                                                                                          0x02bc891a
                                                                                                          0x02bc8922
                                                                                                          0x02bc892a
                                                                                                          0x02bc8932
                                                                                                          0x02bc8937
                                                                                                          0x02bc893f
                                                                                                          0x02bc8947
                                                                                                          0x02bc894f
                                                                                                          0x02bc8957
                                                                                                          0x02bc8964
                                                                                                          0x02bc8965
                                                                                                          0x02bc8969
                                                                                                          0x02bc8971
                                                                                                          0x02bc897f
                                                                                                          0x02bc8983
                                                                                                          0x02bc898b
                                                                                                          0x02bc8993
                                                                                                          0x02bc899b
                                                                                                          0x02bc89a8
                                                                                                          0x02bc89ac
                                                                                                          0x02bc89b4
                                                                                                          0x02bc89c4
                                                                                                          0x02bc89d1
                                                                                                          0x02bc89d5
                                                                                                          0x02bc89d9
                                                                                                          0x02bc89de
                                                                                                          0x02bc89e6
                                                                                                          0x02bc89ee
                                                                                                          0x02bc89f6
                                                                                                          0x02bc89fe
                                                                                                          0x02bc8a06
                                                                                                          0x02bc8a0b
                                                                                                          0x02bc8a13
                                                                                                          0x02bc8a1b
                                                                                                          0x02bc8a23
                                                                                                          0x02bc8a2b
                                                                                                          0x02bc8a33
                                                                                                          0x02bc8a37
                                                                                                          0x02bc8a3f
                                                                                                          0x02bc8a47
                                                                                                          0x02bc8a47
                                                                                                          0x02bc8a51
                                                                                                          0x02bc8b22
                                                                                                          0x02bc8b27
                                                                                                          0x02bc8b2a
                                                                                                          0x02bc8b2c
                                                                                                          0x02bc8b2e
                                                                                                          0x00000000
                                                                                                          0x02bc8b2e
                                                                                                          0x02bc8a57
                                                                                                          0x02bc8a5d
                                                                                                          0x02bc8af7
                                                                                                          0x02bc8afc
                                                                                                          0x02bc8aff
                                                                                                          0x02bc8b01
                                                                                                          0x02bc8b07
                                                                                                          0x00000000
                                                                                                          0x02bc8b07
                                                                                                          0x02bc8a63
                                                                                                          0x02bc8a69
                                                                                                          0x02bc8b8c
                                                                                                          0x02bc8b8e
                                                                                                          0x02bc8a6f
                                                                                                          0x02bc8a75
                                                                                                          0x02bc8ad9
                                                                                                          0x00000000
                                                                                                          0x02bc8a77
                                                                                                          0x02bc8a7d
                                                                                                          0x02bc8ac7
                                                                                                          0x02bc8acc
                                                                                                          0x02bc8acf
                                                                                                          0x00000000
                                                                                                          0x02bc8a7f
                                                                                                          0x02bc8a85
                                                                                                          0x00000000
                                                                                                          0x02bc8a8b
                                                                                                          0x02bc8a9f
                                                                                                          0x02bc8aa4
                                                                                                          0x02bc8aa9
                                                                                                          0x02bc8aaf
                                                                                                          0x00000000
                                                                                                          0x02bc8aaf
                                                                                                          0x02bc8aa9
                                                                                                          0x02bc8a85
                                                                                                          0x02bc8a7d
                                                                                                          0x02bc8a75
                                                                                                          0x02bc8a69
                                                                                                          0x02bc8a5d
                                                                                                          0x02bc8b92
                                                                                                          0x02bc8b9d
                                                                                                          0x02bc8b9d
                                                                                                          0x02bc8b4c
                                                                                                          0x02bc8b51
                                                                                                          0x02bc8b54
                                                                                                          0x02bc8b56
                                                                                                          0x02bc8b62
                                                                                                          0x00000000
                                                                                                          0x02bc8b58
                                                                                                          0x02bc8b58
                                                                                                          0x00000000
                                                                                                          0x02bc8b58
                                                                                                          0x00000000
                                                                                                          0x02bc8b67
                                                                                                          0x02bc8b67
                                                                                                          0x02bc8b67
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$>_)$Eh}$\:$d%$i*
                                                                                                          • API String ID: 0-2969320698
                                                                                                          • Opcode ID: aeffe686daea30544195ed0138f6e4945c8625af026a6e1ad50bc3102dfd4890
                                                                                                          • Instruction ID: 3f035eac9d73fd4afc9e02dfa53759461670572c479c3517f687c324082100f8
                                                                                                          • Opcode Fuzzy Hash: aeffe686daea30544195ed0138f6e4945c8625af026a6e1ad50bc3102dfd4890
                                                                                                          • Instruction Fuzzy Hash: 5B9163B11083419FD719CF21C58592BBBF2EBC4708F00995DF59A962A0D3B6CA09CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBBFBE, Relevance: 7.6, Strings: 6, Instructions: 149COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02BBBFBE(void* __edx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* __ecx;
				void* _t131;
				signed int _t135;
				signed int _t139;
				void* _t143;
				void* _t146;
				void* _t157;
				signed int _t158;
				signed int _t159;
				void* _t161;
				signed int* _t163;

				_t144 = _a4;
				_push(_a8);
				_t161 = __edx;
				_push(_a4);
				_push(__edx);
				E02BCFE29(_t131);
				_v56 = 0x2e7fee;
				_t163 =  &(( &_v68)[4]);
				_v56 = _v56 | 0x8bf0d90c;
				_v56 = _v56 + 0xffff841c;
				_t157 = 0;
				_v56 = _v56 ^ 0x8bfe8408;
				_t146 = 0xe8f06a4;
				_v20 = 0xd3cae8;
				_v20 = _v20 + 0xffff2712;
				_v20 = _v20 ^ 0x00d2f1ea;
				_v16 = 0xd3a0fd;
				_t158 = 0x75;
				_v16 = _v16 / _t158;
				_v16 = _v16 ^ 0x4001cf0d;
				_v40 = 0x4f1d62;
				_v40 = _v40 + 0xffffc4cc;
				_v40 = _v40 + 0xffffbca6;
				_v40 = _v40 ^ 0x004e2d6a;
				_v8 = 0x24ed33;
				_v8 = _v8 << 7;
				_v8 = _v8 ^ 0x1279d784;
				_v12 = 0xe170a7;
				_t135 = _v12;
				_t159 = 0x28;
				_t155 = _t135 % _t159;
				_v12 = _t135 / _t159;
				_v12 = _v12 ^ 0x0006bc2e;
				_v44 = 0x4d8c8f;
				_v44 = _v44 | 0xffeffd4f;
				_v44 = _v44 ^ 0xffe079b2;
				_v48 = 0xc3edaa;
				_v48 = _v48 >> 0x10;
				_v48 = _v48 + 0xd49e;
				_v48 = _v48 ^ 0x0004c7fe;
				_v68 = 0x67444f;
				_v68 = _v68 + 0x90d;
				_v68 = _v68 * 0x5b;
				_v68 = _v68 | 0x263824b0;
				_v68 = _v68 ^ 0x26bf9150;
				_v52 = 0xb09b3a;
				_v52 = _v52 ^ 0xfa5715e4;
				_v52 = _v52 ^ 0xfae78c15;
				_v24 = 0xeb1207;
				_v24 = _v24 + 0xffffe226;
				_v24 = _v24 ^ 0x00e7632f;
				_v28 = 0x3b6554;
				_v28 = _v28 ^ 0x4e84398c;
				_v28 = _v28 ^ 0x4eb32e0d;
				_v60 = 0x36daca;
				_v60 = _v60 ^ 0xae85a6ca;
				_v60 = _v60 ^ 0x532e6d02;
				_v60 = _v60 ^ 0xfd946988;
				_v64 = 0xe9416a;
				_v64 = _v64 >> 0xc;
				_v64 = _v64 >> 1;
				_v64 = _v64 ^ 0x000bb9db;
				_v32 = 0xb764c3;
				_v32 = _v32 << 0xe;
				_v32 = _v32 ^ 0xd93a5796;
				_v4 = 0xb5f3f2;
				_v4 = _v4 ^ 0xf880d4e7;
				_v4 = _v4 ^ 0xf834d19c;
				_t160 = _v4;
				_v36 = 0x2d4acf;
				_v36 = _v36 | 0x966edff9;
				_v36 = _v36 ^ 0x966c13d3;
				do {
					while(_t146 != 0x2926179) {
						if(_t146 == 0x8f0c602) {
							E02BD1538(_v4, _v36, _t160);
						} else {
							if(_t146 == 0xb296bf4) {
								_t143 = E02BCC41A(_v24, _t155, _v28,  *_t144, _v60, _t160, _t144 + 4, _v64, _v32,  *((intOrPtr*)(_t144 + 4)));
								_t163 =  &(_t163[8]);
								_t157 = _t143;
								_t146 = 0x8f0c602;
								continue;
							} else {
								if(_t146 != 0xe8f06a4) {
									goto L10;
								} else {
									_t146 = 0x2926179;
									continue;
								}
							}
						}
						L13:
						return _t157;
					}
					_t155 = _v40;
					_t139 = E02BD45CA(_t161, _v40, _t146, _t146, _v8, _v12, _v44, _v16, _v48, _v68, _v20, _v52, _v56, 0);
					_t160 = _t139;
					_t163 =  &(_t163[0xc]);
					if(_t139 == 0xffffffff) {
						_t146 = 0xe2d92d;
						goto L10;
					} else {
						_t146 = 0xb296bf4;
						continue;
					}
					goto L13;
					L10:
				} while (_t146 != 0xe2d92d);
				goto L13;
			}































                                                                                                          0x02bbbfc2
                                                                                                          0x02bbbfc9
                                                                                                          0x02bbbfcd
                                                                                                          0x02bbbfcf
                                                                                                          0x02bbbfd0
                                                                                                          0x02bbbfd2
                                                                                                          0x02bbbfd7
                                                                                                          0x02bbbfdf
                                                                                                          0x02bbbfe2
                                                                                                          0x02bbbfec
                                                                                                          0x02bbbff4
                                                                                                          0x02bbbff6
                                                                                                          0x02bbbffe
                                                                                                          0x02bbc003
                                                                                                          0x02bbc00b
                                                                                                          0x02bbc013
                                                                                                          0x02bbc01b
                                                                                                          0x02bbc029
                                                                                                          0x02bbc02e
                                                                                                          0x02bbc034
                                                                                                          0x02bbc03c
                                                                                                          0x02bbc044
                                                                                                          0x02bbc04c
                                                                                                          0x02bbc054
                                                                                                          0x02bbc05c
                                                                                                          0x02bbc064
                                                                                                          0x02bbc069
                                                                                                          0x02bbc071
                                                                                                          0x02bbc079
                                                                                                          0x02bbc07d
                                                                                                          0x02bbc07e
                                                                                                          0x02bbc080
                                                                                                          0x02bbc084
                                                                                                          0x02bbc08c
                                                                                                          0x02bbc094
                                                                                                          0x02bbc09c
                                                                                                          0x02bbc0a4
                                                                                                          0x02bbc0ac
                                                                                                          0x02bbc0b1
                                                                                                          0x02bbc0b9
                                                                                                          0x02bbc0c1
                                                                                                          0x02bbc0c9
                                                                                                          0x02bbc0d6
                                                                                                          0x02bbc0da
                                                                                                          0x02bbc0e2
                                                                                                          0x02bbc0ea
                                                                                                          0x02bbc0fa
                                                                                                          0x02bbc102
                                                                                                          0x02bbc10a
                                                                                                          0x02bbc112
                                                                                                          0x02bbc11a
                                                                                                          0x02bbc122
                                                                                                          0x02bbc12a
                                                                                                          0x02bbc132
                                                                                                          0x02bbc13a
                                                                                                          0x02bbc142
                                                                                                          0x02bbc14a
                                                                                                          0x02bbc152
                                                                                                          0x02bbc15a
                                                                                                          0x02bbc162
                                                                                                          0x02bbc167
                                                                                                          0x02bbc16b
                                                                                                          0x02bbc173
                                                                                                          0x02bbc17b
                                                                                                          0x02bbc180
                                                                                                          0x02bbc188
                                                                                                          0x02bbc190
                                                                                                          0x02bbc198
                                                                                                          0x02bbc1a0
                                                                                                          0x02bbc1a4
                                                                                                          0x02bbc1ac
                                                                                                          0x02bbc1b4
                                                                                                          0x02bbc1bc
                                                                                                          0x02bbc1bc
                                                                                                          0x02bbc1ca
                                                                                                          0x02bbc27c
                                                                                                          0x02bbc1d0
                                                                                                          0x02bbc1d6
                                                                                                          0x02bbc208
                                                                                                          0x02bbc20d
                                                                                                          0x02bbc210
                                                                                                          0x02bbc212
                                                                                                          0x00000000
                                                                                                          0x02bbc1d8
                                                                                                          0x02bbc1de
                                                                                                          0x00000000
                                                                                                          0x02bbc1e4
                                                                                                          0x02bbc1e4
                                                                                                          0x00000000
                                                                                                          0x02bbc1e4
                                                                                                          0x02bbc1de
                                                                                                          0x02bbc1d6
                                                                                                          0x02bbc282
                                                                                                          0x02bbc28b
                                                                                                          0x02bbc28b
                                                                                                          0x02bbc23f
                                                                                                          0x02bbc247
                                                                                                          0x02bbc24c
                                                                                                          0x02bbc24e
                                                                                                          0x02bbc254
                                                                                                          0x02bbc260
                                                                                                          0x00000000
                                                                                                          0x02bbc256
                                                                                                          0x02bbc256
                                                                                                          0x00000000
                                                                                                          0x02bbc256
                                                                                                          0x00000000
                                                                                                          0x02bbc265
                                                                                                          0x02bbc265
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: /c$3$$ODg$Te;$j-N$jA
                                                                                                          • API String ID: 0-1439100758
                                                                                                          • Opcode ID: 6beecac5511420f763a8f2b06641e78c47f08b7496e3c8d03a53748897a012dd
                                                                                                          • Instruction ID: dc3e0aa31ce0a8f235cf3fba7d5f2f3e695b248f25e3f074ca1bf862802aa93a
                                                                                                          • Opcode Fuzzy Hash: 6beecac5511420f763a8f2b06641e78c47f08b7496e3c8d03a53748897a012dd
                                                                                                          • Instruction Fuzzy Hash: BB6144714183409FC359CFA5988A82FBFE1FBC5718F405A1DF6D696220C3B58949CF52
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC2142, Relevance: 6.6, Strings: 5, Instructions: 329COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BC2142() {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				unsigned int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				void* _t368;
				intOrPtr _t378;
				intOrPtr _t383;
				intOrPtr _t384;
				intOrPtr _t389;
				void* _t390;
				void* _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				intOrPtr _t438;
				intOrPtr _t439;
				intOrPtr _t441;
				void* _t444;
				signed int _t446;
				signed int* _t448;

				_t448 =  &_v160;
				_v16 = 0x961399;
				_v12 = 0x301936;
				_v8 = 0xe566e6;
				_t391 = 0;
				_t444 = 0x374f925;
				_v4 = _v4 & 0;
				_v108 = 0x7426fd;
				_v108 = _v108 + 0xfffff8c3;
				_t393 = 0x2b;
				_push("true");
				_v108 = _v108 / _t393;
				_v108 = _v108 ^ 0x0002b357;
				_v156 = 0x38452;
				_v156 = _v156 + 0x4117;
				_pop(_t394);
				_v156 = _v156 * 0x30;
				_v156 = _v156 + 0xffff7c1f;
				_v156 = _v156 ^ 0x00b47fcf;
				_v152 = 0x5ef941;
				_v152 = _v152 * 0x43;
				_v152 = _v152 >> 7;
				_v152 = _v152 << 6;
				_v152 = _v152 ^ 0x0c6d9e00;
				_v120 = 0x18b538;
				_v120 = _v120 * 0x11;
				_v120 = _v120 + 0xffffc33e;
				_v120 = _v120 >> 0xd;
				_v120 = _v120 ^ 0x00000d1e;
				_v112 = 0x5e5e29;
				_v112 = _v112 + 0x9b22;
				_v112 = _v112 / _t394;
				_v112 = _v112 ^ 0x0002e0c4;
				_v144 = 0x808e79;
				_v144 = _v144 | 0xf9cc6bdf;
				_v144 = _v144 + 0xffff3e00;
				_v144 = _v144 << 0xf;
				_v144 = _v144 ^ 0x16ff716d;
				_v28 = 0xba41b5;
				_v28 = _v28 + 0xffffb1dd;
				_v28 = _v28 ^ 0x00b49e8e;
				_v68 = 0x38cb33;
				_v68 = _v68 >> 2;
				_v68 = _v68 ^ 0x000b8367;
				_v44 = 0xd85990;
				_v44 = _v44 ^ 0x9ad510f8;
				_v44 = _v44 ^ 0x9a039936;
				_v104 = 0xf87474;
				_t395 = 0x22;
				_v104 = _v104 / _t395;
				_v104 = _v104 >> 7;
				_v104 = _v104 ^ 0x000753f7;
				_v36 = 0x3be84a;
				_v36 = _v36 << 6;
				_v36 = _v36 ^ 0x0ef6677c;
				_v128 = 0x4404d4;
				_v128 = _v128 ^ 0xb10c689b;
				_t396 = 0x5e;
				_v128 = _v128 / _t396;
				_v128 = _v128 ^ 0x298e6a61;
				_v128 = _v128 ^ 0x28610484;
				_v80 = 0xdf65bd;
				_t397 = 0x7c;
				_v80 = _v80 / _t397;
				_v80 = _v80 ^ 0x00023fe8;
				_v96 = 0x7747b3;
				_v96 = _v96 << 0xd;
				_t398 = 0x29;
				_v96 = _v96 * 0x16;
				_v96 = _v96 ^ 0x052c7385;
				_v88 = 0xae51fb;
				_v88 = _v88 + 0x359a;
				_v88 = _v88 | 0x8b717ce6;
				_v88 = _v88 ^ 0x8bfa7840;
				_v24 = 0xcaf683;
				_v24 = _v24 >> 7;
				_v24 = _v24 ^ 0x00013e33;
				_v52 = 0xefed62;
				_v52 = _v52 | 0x058c509b;
				_v52 = _v52 ^ 0x05e11655;
				_v160 = 0xbd94ea;
				_v160 = _v160 + 0x2a3a;
				_v160 = _v160 >> 5;
				_v160 = _v160 + 0x96e3;
				_v160 = _v160 ^ 0x0003401d;
				_v72 = 0x73d84b;
				_v72 = _v72 + 0x3d83;
				_v72 = _v72 ^ 0x007dedc2;
				_v76 = 0xd9453f;
				_v76 = _v76 >> 1;
				_v76 = _v76 ^ 0x006ac7af;
				_v140 = 0x85d58e;
				_v140 = _v140 * 0x2c;
				_v140 = _v140 >> 4;
				_v140 = _v140 / _t398;
				_v140 = _v140 ^ 0x000cf91a;
				_v100 = 0x1458f8;
				_v100 = _v100 ^ 0xd74f5ef9;
				_t399 = 0x5f;
				_v100 = _v100 / _t399;
				_v100 = _v100 ^ 0x0247f1d9;
				_v64 = 0x476ab5;
				_v64 = _v64 + 0xffff3492;
				_v64 = _v64 ^ 0x004c13d1;
				_v148 = 0x4dca07;
				_v148 = _v148 + 0xffff4a4e;
				_v148 = _v148 + 0xffff2093;
				_v148 = _v148 ^ 0x004c8279;
				_v136 = 0xa6ed90;
				_v136 = _v136 >> 2;
				_v136 = _v136 | 0x950d13bb;
				_v136 = _v136 >> 0xf;
				_v136 = _v136 ^ 0x000e92a5;
				_v60 = 0xea20ae;
				_v60 = _v60 * 0x5d;
				_v60 = _v60 ^ 0x550aff98;
				_v92 = 0xe3a2d4;
				_v92 = _v92 >> 6;
				_v92 = _v92 * 0x28;
				_v92 = _v92 ^ 0x008d85d0;
				_v132 = 0x9d5db8;
				_v132 = _v132 + 0xffff1bd6;
				_t400 = 0x1b;
				_v132 = _v132 / _t400;
				_v132 = _v132 << 0xa;
				_v132 = _v132 ^ 0x17217366;
				_v56 = 0xa7c0ff;
				_t401 = 0x35;
				_v56 = _v56 / _t401;
				_v56 = _v56 ^ 0x000623f9;
				_v116 = 0xf9a70;
				_v116 = _v116 >> 0xa;
				_v116 = _v116 >> 5;
				_v116 = _v116 + 0xffffd532;
				_v116 = _v116 ^ 0xfff34a0b;
				_v124 = 0xd1e957;
				_v124 = _v124 << 3;
				_t402 = 0x76;
				_v124 = _v124 / _t402;
				_v124 = _v124 + 0x1a27;
				_v124 = _v124 ^ 0x000dfee3;
				_v84 = 0x8b01d8;
				_t403 = 0x34;
				_v84 = _v84 * 0x70;
				_v84 = _v84 / _t403;
				_v84 = _v84 ^ 0x0120e28f;
				_v32 = 0xcb988c;
				_v32 = _v32 ^ 0x945cb942;
				_v32 = _v32 ^ 0x9495c850;
				_v40 = 0x79d8e1;
				_v40 = _v40 >> 9;
				_v40 = _v40 ^ 0x000c7724;
				_v48 = 0xc03196;
				_v48 = _v48 ^ 0x1279a3f1;
				_v48 = _v48 ^ 0x12baef9a;
				while(1) {
					L1:
					_t368 = 0x9ae396c;
					do {
						L2:
						if(_t444 == 0x19911bc) {
							_push(_v52);
							_push(_v24);
							_push(_v88);
							_t446 = E02BCE1F8(0x2bb1a20, _v96, __eflags);
							__eflags = E02BB738A(_v160, _t446, _v72, _v108,  &_v20, 0, _v76) - _v156;
							_t403 = _t446;
							_t444 =  ==  ? 0x9ae396c : 0x7737a40;
							E02BCFECB(_t403, _v140, _v100, _v64, _v148);
							_t448 =  &(_t448[0xb]);
							_t368 = 0x9ae396c;
							goto L12;
						}
						if(_t444 == 0x374f925) {
							_push(_t403);
							_push(_t403);
							_t378 = E02BBC5D8(0x44);
							 *0x2bd6220 = _t378;
							 *((intOrPtr*)(_t378 + 0x28)) = 0x4000;
							_t383 =  *0x2bd6220; // 0x0
							_t384 = E02BBC5D8( *((intOrPtr*)(_t383 + 0x28)));
							_t438 =  *0x2bd6220; // 0x0
							_t448 =  &(_t448[4]);
							_t444 = 0x19911bc;
							_t403 =  *((intOrPtr*)(_t438 + 0x28)) + _t384;
							 *((intOrPtr*)(_t438 + 0x24)) = _t384;
							 *((intOrPtr*)(_t438 + 0x14)) = _t384;
							 *((intOrPtr*)(_t438 + 0x1c)) = _t384;
							 *(_t438 + 0x20) = _t403;
							while(1) {
								L1:
								_t368 = 0x9ae396c;
								goto L2;
							}
						}
						if(_t444 == 0x7737a40) {
							_t439 =  *0x2bd6220; // 0x0
							E02BD2B09(_v116,  *((intOrPtr*)(_t439 + 0x24)), _v124, _v84);
							_t441 =  *0x2bd6220; // 0x0
							E02BD2B09(_v32, _t441, _v40, _v48);
							L16:
							return _t391;
						}
						if(_t444 == 0x9042860) {
							E02BBF7FE(_v132, _v20, _v56, _v112);
							goto L16;
						}
						if(_t444 != _t368) {
							goto L12;
						}
						_t389 =  *0x2bd6220; // 0x0
						_t403 = _v20;
						_t390 = E02BC8B9E(_t403, _v152, _v136, _v60,  *((intOrPtr*)(_t389 + 0x28)),  *((intOrPtr*)(_t389 + 0x24)), _v92);
						_t448 =  &(_t448[5]);
						if(_t390 != _v120) {
							_t444 = 0x7737a40;
						} else {
							_t444 = 0x9042860;
							_t391 = 1;
						}
						goto L1;
						L12:
						__eflags = _t444 - 0xe3acfc2;
					} while (__eflags != 0);
					goto L16;
				}
			}



































































                                                                                                          0x02bc2142
                                                                                                          0x02bc2148
                                                                                                          0x02bc2155
                                                                                                          0x02bc2160
                                                                                                          0x02bc216f
                                                                                                          0x02bc2171
                                                                                                          0x02bc2176
                                                                                                          0x02bc217d
                                                                                                          0x02bc2185
                                                                                                          0x02bc2193
                                                                                                          0x02bc2196
                                                                                                          0x02bc2198
                                                                                                          0x02bc219e
                                                                                                          0x02bc21a6
                                                                                                          0x02bc21ae
                                                                                                          0x02bc21bb
                                                                                                          0x02bc21be
                                                                                                          0x02bc21c2
                                                                                                          0x02bc21ca
                                                                                                          0x02bc21d2
                                                                                                          0x02bc21df
                                                                                                          0x02bc21e3
                                                                                                          0x02bc21e8
                                                                                                          0x02bc21ed
                                                                                                          0x02bc21f5
                                                                                                          0x02bc2202
                                                                                                          0x02bc2206
                                                                                                          0x02bc220e
                                                                                                          0x02bc2213
                                                                                                          0x02bc221b
                                                                                                          0x02bc2223
                                                                                                          0x02bc2233
                                                                                                          0x02bc2237
                                                                                                          0x02bc223f
                                                                                                          0x02bc2247
                                                                                                          0x02bc224f
                                                                                                          0x02bc2257
                                                                                                          0x02bc225c
                                                                                                          0x02bc2264
                                                                                                          0x02bc226f
                                                                                                          0x02bc227a
                                                                                                          0x02bc2285
                                                                                                          0x02bc228d
                                                                                                          0x02bc2292
                                                                                                          0x02bc229a
                                                                                                          0x02bc22a5
                                                                                                          0x02bc22b0
                                                                                                          0x02bc22bb
                                                                                                          0x02bc22c7
                                                                                                          0x02bc22cc
                                                                                                          0x02bc22d2
                                                                                                          0x02bc22d7
                                                                                                          0x02bc22df
                                                                                                          0x02bc22ea
                                                                                                          0x02bc22f2
                                                                                                          0x02bc22fd
                                                                                                          0x02bc2305
                                                                                                          0x02bc2311
                                                                                                          0x02bc2314
                                                                                                          0x02bc2318
                                                                                                          0x02bc2320
                                                                                                          0x02bc232a
                                                                                                          0x02bc2338
                                                                                                          0x02bc233d
                                                                                                          0x02bc2343
                                                                                                          0x02bc234b
                                                                                                          0x02bc2353
                                                                                                          0x02bc235d
                                                                                                          0x02bc2360
                                                                                                          0x02bc2364
                                                                                                          0x02bc236c
                                                                                                          0x02bc2374
                                                                                                          0x02bc237c
                                                                                                          0x02bc2384
                                                                                                          0x02bc238c
                                                                                                          0x02bc2397
                                                                                                          0x02bc239f
                                                                                                          0x02bc23aa
                                                                                                          0x02bc23b5
                                                                                                          0x02bc23c0
                                                                                                          0x02bc23cb
                                                                                                          0x02bc23d3
                                                                                                          0x02bc23db
                                                                                                          0x02bc23e0
                                                                                                          0x02bc23e8
                                                                                                          0x02bc23f0
                                                                                                          0x02bc23f8
                                                                                                          0x02bc2400
                                                                                                          0x02bc2408
                                                                                                          0x02bc2410
                                                                                                          0x02bc2414
                                                                                                          0x02bc241c
                                                                                                          0x02bc2429
                                                                                                          0x02bc242d
                                                                                                          0x02bc243a
                                                                                                          0x02bc243e
                                                                                                          0x02bc2446
                                                                                                          0x02bc244e
                                                                                                          0x02bc245a
                                                                                                          0x02bc245d
                                                                                                          0x02bc2461
                                                                                                          0x02bc2469
                                                                                                          0x02bc2471
                                                                                                          0x02bc2479
                                                                                                          0x02bc2481
                                                                                                          0x02bc2489
                                                                                                          0x02bc2499
                                                                                                          0x02bc24a1
                                                                                                          0x02bc24a9
                                                                                                          0x02bc24b1
                                                                                                          0x02bc24b6
                                                                                                          0x02bc24be
                                                                                                          0x02bc24c3
                                                                                                          0x02bc24cb
                                                                                                          0x02bc24d8
                                                                                                          0x02bc24dc
                                                                                                          0x02bc24e4
                                                                                                          0x02bc24ec
                                                                                                          0x02bc24f6
                                                                                                          0x02bc24fa
                                                                                                          0x02bc2502
                                                                                                          0x02bc250a
                                                                                                          0x02bc251f
                                                                                                          0x02bc2524
                                                                                                          0x02bc252a
                                                                                                          0x02bc252f
                                                                                                          0x02bc2537
                                                                                                          0x02bc2543
                                                                                                          0x02bc2548
                                                                                                          0x02bc254e
                                                                                                          0x02bc2556
                                                                                                          0x02bc255e
                                                                                                          0x02bc2563
                                                                                                          0x02bc2568
                                                                                                          0x02bc2570
                                                                                                          0x02bc2578
                                                                                                          0x02bc2580
                                                                                                          0x02bc2589
                                                                                                          0x02bc258e
                                                                                                          0x02bc2594
                                                                                                          0x02bc259c
                                                                                                          0x02bc25a4
                                                                                                          0x02bc25b1
                                                                                                          0x02bc25b2
                                                                                                          0x02bc25bc
                                                                                                          0x02bc25c0
                                                                                                          0x02bc25c8
                                                                                                          0x02bc25d3
                                                                                                          0x02bc25de
                                                                                                          0x02bc25e9
                                                                                                          0x02bc25f4
                                                                                                          0x02bc25fc
                                                                                                          0x02bc2607
                                                                                                          0x02bc2612
                                                                                                          0x02bc261d
                                                                                                          0x02bc2628
                                                                                                          0x02bc2628
                                                                                                          0x02bc2628
                                                                                                          0x02bc262d
                                                                                                          0x02bc262d
                                                                                                          0x02bc2633
                                                                                                          0x02bc2710
                                                                                                          0x02bc2719
                                                                                                          0x02bc2720
                                                                                                          0x02bc2731
                                                                                                          0x02bc275d
                                                                                                          0x02bc276b
                                                                                                          0x02bc276d
                                                                                                          0x02bc2778
                                                                                                          0x02bc277d
                                                                                                          0x02bc2780
                                                                                                          0x00000000
                                                                                                          0x02bc2780
                                                                                                          0x02bc263f
                                                                                                          0x02bc26b4
                                                                                                          0x02bc26b5
                                                                                                          0x02bc26b8
                                                                                                          0x02bc26bd
                                                                                                          0x02bc26c5
                                                                                                          0x02bc26df
                                                                                                          0x02bc26e7
                                                                                                          0x02bc26ec
                                                                                                          0x02bc26f2
                                                                                                          0x02bc26f5
                                                                                                          0x02bc26fd
                                                                                                          0x02bc26ff
                                                                                                          0x02bc2702
                                                                                                          0x02bc2705
                                                                                                          0x02bc2708
                                                                                                          0x02bc2628
                                                                                                          0x02bc2628
                                                                                                          0x02bc2628
                                                                                                          0x00000000
                                                                                                          0x02bc2628
                                                                                                          0x02bc2628
                                                                                                          0x02bc2643
                                                                                                          0x02bc27b7
                                                                                                          0x02bc27c4
                                                                                                          0x02bc27d7
                                                                                                          0x02bc27e4
                                                                                                          0x02bc27ef
                                                                                                          0x02bc27f8
                                                                                                          0x02bc27f8
                                                                                                          0x02bc264f
                                                                                                          0x02bc27a6
                                                                                                          0x00000000
                                                                                                          0x02bc27ac
                                                                                                          0x02bc2657
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc2661
                                                                                                          0x02bc267b
                                                                                                          0x02bc2682
                                                                                                          0x02bc2687
                                                                                                          0x02bc268e
                                                                                                          0x02bc269a
                                                                                                          0x02bc2690
                                                                                                          0x02bc2692
                                                                                                          0x02bc2697
                                                                                                          0x02bc2697
                                                                                                          0x00000000
                                                                                                          0x02bc2785
                                                                                                          0x02bc2785
                                                                                                          0x02bc2785
                                                                                                          0x00000000
                                                                                                          0x02bc2791

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: )^^$:*$J;$b$f
                                                                                                          • API String ID: 0-204930537
                                                                                                          • Opcode ID: 3a15cc7614eb6786a1e67432ac304cbf34d13ec0a5fcbf257eb7d9fd63335443
                                                                                                          • Instruction ID: 7f9b678fa22b0f4eb230f1e200dd8550ac4f190e409a9f3bc509a4d4b9ed9a29
                                                                                                          • Opcode Fuzzy Hash: 3a15cc7614eb6786a1e67432ac304cbf34d13ec0a5fcbf257eb7d9fd63335443
                                                                                                          • Instruction Fuzzy Hash: 1BF121B15083809FC368CF25D58AA4BFBF2FBC8758F50891DF59986260D7B58949CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD2009, Relevance: 6.5, Strings: 5, Instructions: 275COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BD2009() {
				char _v520;
				char _v1040;
				signed int _v1044;
				intOrPtr _v1048;
				intOrPtr _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				unsigned int _v1136;
				signed int _v1140;
				signed int _v1144;
				signed int _v1148;
				signed int _v1152;
				signed int _v1156;
				signed int _v1160;
				signed int _v1164;
				signed int _v1168;
				signed int _v1172;
				unsigned int _v1176;
				signed int _v1180;
				signed int _v1184;
				void* _t310;
				intOrPtr _t312;
				void* _t315;
				void* _t319;
				void* _t320;
				intOrPtr _t321;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				intOrPtr _t333;
				intOrPtr _t340;
				void* _t364;
				signed int* _t368;

				_t368 =  &_v1184;
				_v1044 = _v1044 & 0x00000000;
				_v1052 = 0x35c0cd;
				_v1048 = 0xa3be33;
				_v1136 = 0x5ade05;
				_v1136 = _v1136 + 0xffffc499;
				_v1136 = _v1136 >> 0xf;
				_v1136 = _v1136 ^ 0x000b842c;
				_v1180 = 0x412a9d;
				_t326 = 0x29;
				_v1180 = _v1180 / _t326;
				_v1180 = _v1180 << 0xb;
				_t364 = 0xe958b9c;
				_v1180 = _v1180 + 0xffff9519;
				_v1180 = _v1180 ^ 0x0cbc23a5;
				_v1156 = 0xd33cfc;
				_v1156 = _v1156 + 0xffff4a87;
				_v1156 = _v1156 ^ 0xbe5aeb75;
				_t327 = 0xb;
				_v1156 = _v1156 * 0x62;
				_v1156 = _v1156 ^ 0xf0302705;
				_v1148 = 0xf18826;
				_v1148 = _v1148 << 1;
				_v1148 = _v1148 >> 0xa;
				_v1148 = _v1148 + 0xffff44eb;
				_v1148 = _v1148 ^ 0xfffe3e21;
				_v1112 = 0x4e0c4f;
				_v1112 = _v1112 + 0x7be6;
				_v1112 = _v1112 ^ 0x004f5571;
				_v1128 = 0xa7ca39;
				_v1128 = _v1128 + 0xffffebca;
				_v1128 = _v1128 / _t327;
				_v1128 = _v1128 ^ 0x000be641;
				_v1176 = 0xb5e613;
				_v1176 = _v1176 << 0xb;
				_v1176 = _v1176 << 0xb;
				_v1176 = _v1176 >> 3;
				_v1176 = _v1176 ^ 0x109d8d71;
				_v1100 = 0x8f570;
				_v1100 = _v1100 << 6;
				_v1100 = _v1100 ^ 0x02300751;
				_v1184 = 0x7a4582;
				_v1184 = _v1184 >> 0xc;
				_v1184 = _v1184 + 0xffff757f;
				_v1184 = _v1184 + 0xcda4;
				_v1184 = _v1184 ^ 0x0000a546;
				_v1140 = 0x8d05f4;
				_v1140 = _v1140 * 3;
				_v1140 = _v1140 | 0x54c49d95;
				_v1140 = _v1140 + 0xffffe0ec;
				_v1140 = _v1140 ^ 0x55e75198;
				_v1108 = 0xd76cc6;
				_v1108 = _v1108 | 0x05cc2328;
				_v1108 = _v1108 ^ 0x05dcca41;
				_v1076 = 0x1bbfa4;
				_v1076 = _v1076 * 0x15;
				_v1076 = _v1076 ^ 0x02435ecc;
				_v1084 = 0x2803a8;
				_v1084 = _v1084 << 0xd;
				_v1084 = _v1084 ^ 0x007964fc;
				_v1092 = 0x1abb48;
				_v1092 = _v1092 ^ 0xd0321100;
				_v1092 = _v1092 ^ 0xd024152f;
				_v1120 = 0x1b785b;
				_v1120 = _v1120 + 0x6594;
				_v1120 = _v1120 ^ 0xc9bc1812;
				_v1120 = _v1120 ^ 0xc9a1a482;
				_v1056 = 0xf96b0d;
				_v1056 = _v1056 | 0x7a81934f;
				_v1056 = _v1056 ^ 0x7af06d17;
				_v1116 = 0xc0176d;
				_t328 = 0x57;
				_v1116 = _v1116 / _t328;
				_v1116 = _v1116 ^ 0x000c7a92;
				_v1144 = 0x386a20;
				_v1144 = _v1144 >> 0xa;
				_t329 = 0x41;
				_v1144 = _v1144 * 0x35;
				_v1144 = _v1144 + 0xffff2f3c;
				_v1144 = _v1144 ^ 0x00015cc7;
				_v1124 = 0xfe7131;
				_v1124 = _v1124 >> 4;
				_v1124 = _v1124 + 0xffffd592;
				_v1124 = _v1124 ^ 0x000ea5e3;
				_v1172 = 0xf233ef;
				_v1172 = _v1172 / _t329;
				_v1172 = _v1172 >> 8;
				_v1172 = _v1172 >> 7;
				_v1172 = _v1172 ^ 0x000dfea7;
				_v1088 = 0xf13b31;
				_v1088 = _v1088 << 4;
				_v1088 = _v1088 ^ 0x0f1b90b2;
				_v1060 = 0x8432f0;
				_v1060 = _v1060 + 0xf898;
				_v1060 = _v1060 ^ 0x00806ced;
				_v1096 = 0x8a20ae;
				_v1096 = _v1096 + 0xffff5c91;
				_v1096 = _v1096 ^ 0x008c8276;
				_v1072 = 0xbc3343;
				_v1072 = _v1072 | 0xeb032685;
				_v1072 = _v1072 ^ 0xebbb8611;
				_v1104 = 0xb5445c;
				_v1104 = _v1104 | 0x38284c17;
				_v1104 = _v1104 ^ 0x38b8f1ba;
				_v1152 = 0x20ddec;
				_t330 = 0x69;
				_v1152 = _v1152 * 0x4d;
				_v1152 = _v1152 >> 1;
				_v1152 = _v1152 << 0xc;
				_v1152 = _v1152 ^ 0x15fd1151;
				_v1132 = 0xda9d4d;
				_v1132 = _v1132 / _t330;
				_v1132 = _v1132 ^ 0x63ba58ef;
				_v1132 = _v1132 ^ 0x63ba5da3;
				_v1080 = 0xcf1222;
				_v1080 = _v1080 | 0x484758e4;
				_v1080 = _v1080 ^ 0x48c184f1;
				_v1064 = 0x309461;
				_v1064 = _v1064 + 0xffffd409;
				_v1064 = _v1064 ^ 0x00392de5;
				_v1164 = 0xd882bd;
				_t331 = 0xc;
				_v1164 = _v1164 / _t331;
				_v1164 = _v1164 + 0x74b;
				_v1164 = _v1164 >> 3;
				_v1164 = _v1164 ^ 0x00039f5a;
				_v1160 = 0x7a48e2;
				_v1160 = _v1160 ^ 0x69cb0a8d;
				_v1160 = _v1160 ^ 0x1624d419;
				_v1160 = _v1160 >> 9;
				_v1160 = _v1160 ^ 0x00301506;
				_v1168 = 0x1f51cb;
				_v1168 = _v1168 ^ 0x7c6813be;
				_v1168 = _v1168 * 0x65;
				_v1168 = _v1168 + 0xffff91bf;
				_v1168 = _v1168 ^ 0x1b097545;
				_v1068 = 0x9ab8d;
				_v1068 = _v1068 + 0x88f0;
				_v1068 = _v1068 ^ 0x000186e4;
				E02BB556B(_t331);
				do {
					while(_t364 != 0x62623fc) {
						if(_t364 == 0x81770e6) {
							return E02BC654A(_v1160, _v1168, __eflags,  &_v520, _v1068,  &_v1040);
						}
						if(_t364 == 0xe065299) {
							_push(_v1124);
							_push(_v1144);
							_push(_v1116);
							_t319 = E02BCE1F8(0x2bb1080, _v1056, __eflags);
							_t320 = E02BBDC1B(_v1172);
							_t340 =  *0x2bd6214; // 0x0
							_t321 =  *0x2bd6214; // 0x0
							E02BD44AD(_v1060, __eflags, _v1096,  &_v1040, _t321 + 0x23c, _v1072, _v1104, _t319, _t340 + 0x34, _t320, _v1152);
							_t315 = E02BCFECB(_t319, _v1132, _v1080, _v1064, _v1164);
							_t368 =  &(_t368[0xf]);
							_t364 = 0x81770e6;
							continue;
						}
						if(_t364 != 0xe958b9c) {
							goto L8;
						}
						_t364 = 0x62623fc;
					}
					_push(_v1128);
					_push(_v1112);
					_push(_v1148);
					_t310 = E02BCE1F8(0x2bb1000, _v1156, __eflags);
					_t333 =  *0x2bd6214; // 0x0
					_t312 =  *0x2bd6214; // 0x0
					__eflags = _t312 + 0x23c;
					E02BD2D0A(_v1100, _t312 + 0x23c, _t312 + 0x23c, _v1184, _v1140, _v1108, _t333 + 0x34,  &_v520, _t333 + 0x34, _t310);
					_t315 = E02BCFECB(_t310, _v1076, _v1084, _v1092, _v1120);
					_t368 =  &(_t368[0xe]);
					_t364 = 0xe065299;
					L8:
					__eflags = _t364 - 0xc2e12c9;
				} while (__eflags != 0);
				return _t315;
			}

























































                                                                                                          0x02bd2009
                                                                                                          0x02bd200f
                                                                                                          0x02bd2019
                                                                                                          0x02bd2024
                                                                                                          0x02bd202f
                                                                                                          0x02bd2037
                                                                                                          0x02bd203f
                                                                                                          0x02bd2044
                                                                                                          0x02bd204c
                                                                                                          0x02bd205e
                                                                                                          0x02bd2063
                                                                                                          0x02bd2069
                                                                                                          0x02bd206e
                                                                                                          0x02bd2073
                                                                                                          0x02bd207b
                                                                                                          0x02bd2083
                                                                                                          0x02bd208b
                                                                                                          0x02bd2093
                                                                                                          0x02bd20a0
                                                                                                          0x02bd20a1
                                                                                                          0x02bd20a5
                                                                                                          0x02bd20ad
                                                                                                          0x02bd20b5
                                                                                                          0x02bd20b9
                                                                                                          0x02bd20be
                                                                                                          0x02bd20c6
                                                                                                          0x02bd20ce
                                                                                                          0x02bd20d6
                                                                                                          0x02bd20de
                                                                                                          0x02bd20e6
                                                                                                          0x02bd20ee
                                                                                                          0x02bd20fc
                                                                                                          0x02bd2100
                                                                                                          0x02bd2108
                                                                                                          0x02bd2110
                                                                                                          0x02bd2115
                                                                                                          0x02bd211a
                                                                                                          0x02bd211f
                                                                                                          0x02bd2127
                                                                                                          0x02bd212f
                                                                                                          0x02bd2134
                                                                                                          0x02bd213c
                                                                                                          0x02bd2144
                                                                                                          0x02bd2149
                                                                                                          0x02bd2151
                                                                                                          0x02bd2159
                                                                                                          0x02bd2161
                                                                                                          0x02bd216e
                                                                                                          0x02bd2172
                                                                                                          0x02bd217a
                                                                                                          0x02bd2182
                                                                                                          0x02bd218a
                                                                                                          0x02bd2192
                                                                                                          0x02bd219a
                                                                                                          0x02bd21a2
                                                                                                          0x02bd21af
                                                                                                          0x02bd21b3
                                                                                                          0x02bd21bb
                                                                                                          0x02bd21c3
                                                                                                          0x02bd21c8
                                                                                                          0x02bd21d0
                                                                                                          0x02bd21d8
                                                                                                          0x02bd21e0
                                                                                                          0x02bd21e8
                                                                                                          0x02bd21f0
                                                                                                          0x02bd21f8
                                                                                                          0x02bd2200
                                                                                                          0x02bd2208
                                                                                                          0x02bd2215
                                                                                                          0x02bd2220
                                                                                                          0x02bd222b
                                                                                                          0x02bd2239
                                                                                                          0x02bd223e
                                                                                                          0x02bd2244
                                                                                                          0x02bd224c
                                                                                                          0x02bd2254
                                                                                                          0x02bd225e
                                                                                                          0x02bd2261
                                                                                                          0x02bd2265
                                                                                                          0x02bd226d
                                                                                                          0x02bd2275
                                                                                                          0x02bd227d
                                                                                                          0x02bd2282
                                                                                                          0x02bd228a
                                                                                                          0x02bd2292
                                                                                                          0x02bd22a2
                                                                                                          0x02bd22a6
                                                                                                          0x02bd22ab
                                                                                                          0x02bd22b0
                                                                                                          0x02bd22b8
                                                                                                          0x02bd22c0
                                                                                                          0x02bd22c5
                                                                                                          0x02bd22cd
                                                                                                          0x02bd22d8
                                                                                                          0x02bd22e3
                                                                                                          0x02bd22ee
                                                                                                          0x02bd22f6
                                                                                                          0x02bd22fe
                                                                                                          0x02bd2306
                                                                                                          0x02bd2311
                                                                                                          0x02bd231c
                                                                                                          0x02bd2327
                                                                                                          0x02bd232f
                                                                                                          0x02bd2337
                                                                                                          0x02bd233f
                                                                                                          0x02bd234c
                                                                                                          0x02bd234f
                                                                                                          0x02bd2353
                                                                                                          0x02bd2357
                                                                                                          0x02bd235c
                                                                                                          0x02bd2364
                                                                                                          0x02bd2374
                                                                                                          0x02bd2378
                                                                                                          0x02bd2380
                                                                                                          0x02bd2388
                                                                                                          0x02bd2390
                                                                                                          0x02bd2398
                                                                                                          0x02bd23a0
                                                                                                          0x02bd23ab
                                                                                                          0x02bd23b6
                                                                                                          0x02bd23c1
                                                                                                          0x02bd23cd
                                                                                                          0x02bd23d0
                                                                                                          0x02bd23d4
                                                                                                          0x02bd23dc
                                                                                                          0x02bd23e1
                                                                                                          0x02bd23e9
                                                                                                          0x02bd23f1
                                                                                                          0x02bd23f9
                                                                                                          0x02bd2401
                                                                                                          0x02bd2406
                                                                                                          0x02bd240e
                                                                                                          0x02bd2416
                                                                                                          0x02bd2423
                                                                                                          0x02bd2427
                                                                                                          0x02bd242f
                                                                                                          0x02bd2437
                                                                                                          0x02bd2442
                                                                                                          0x02bd244d
                                                                                                          0x02bd2460
                                                                                                          0x02bd2474
                                                                                                          0x02bd2474
                                                                                                          0x02bd247e
                                                                                                          0x00000000
                                                                                                          0x02bd25e3
                                                                                                          0x02bd2486
                                                                                                          0x02bd2498
                                                                                                          0x02bd24a1
                                                                                                          0x02bd24a5
                                                                                                          0x02bd24b0
                                                                                                          0x02bd24bb
                                                                                                          0x02bd24c7
                                                                                                          0x02bd24de
                                                                                                          0x02bd2506
                                                                                                          0x02bd2523
                                                                                                          0x02bd2528
                                                                                                          0x02bd252b
                                                                                                          0x00000000
                                                                                                          0x02bd252b
                                                                                                          0x02bd248e
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bd2494
                                                                                                          0x02bd2494
                                                                                                          0x02bd2532
                                                                                                          0x02bd253b
                                                                                                          0x02bd253f
                                                                                                          0x02bd2547
                                                                                                          0x02bd254c
                                                                                                          0x02bd2571
                                                                                                          0x02bd257d
                                                                                                          0x02bd2587
                                                                                                          0x02bd25a7
                                                                                                          0x02bd25ac
                                                                                                          0x02bd25af
                                                                                                          0x02bd25b1
                                                                                                          0x02bd25b1
                                                                                                          0x02bd25b1
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: j8$qUO$-9$Hz$XGH
                                                                                                          • API String ID: 0-60989354
                                                                                                          • Opcode ID: 9792ea96405e64c51a5b5c9ddc0fc7f491192e89536bc8fe0ef0ffafced602e7
                                                                                                          • Instruction ID: ad4770d1299f3e972c4aeda9d377819fd34d6430eaf5f3aab4e0518711380636
                                                                                                          • Opcode Fuzzy Hash: 9792ea96405e64c51a5b5c9ddc0fc7f491192e89536bc8fe0ef0ffafced602e7
                                                                                                          • Instruction Fuzzy Hash: EAE132714097809FC3A8CF24C589A9BBBF1FBC4748F508A1CF5D986261D7B48948CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD3EE9, Relevance: 6.5, Strings: 5, Instructions: 273COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BD3EE9() {
				intOrPtr _t261;
				intOrPtr _t262;
				void* _t268;
				signed char _t274;
				intOrPtr _t277;
				signed int _t288;
				intOrPtr _t289;
				signed char _t296;
				signed int _t316;
				intOrPtr _t326;
				intOrPtr _t330;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				intOrPtr _t342;
				void* _t344;

				 *(_t344 + 0x70) =  *(_t344 + 0x70) & 0x00000000;
				 *(_t344 + 0x74) =  *(_t344 + 0x74) & 0x00000000;
				_t288 = 0x4bd14f4;
				 *((intOrPtr*)(_t344 + 0x6c)) = 0x2dbabe;
				 *(_t344 + 0x4c) = 0x48601c;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) | 0x68876aab;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) ^ 0x68cba8bf;
				 *(_t344 + 8) = 0xdbf1f3;
				 *(_t344 + 0x18) =  *(_t344 + 8) * 9;
				_t333 = 0x4c;
				 *(_t344 + 0x1c) =  *(_t344 + 0x18) / _t333;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) << 0xd;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) ^ 0x4172a216;
				 *(_t344 + 0x3c) = 0x6d1b19;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) | 0x79048263;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) >> 5;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) ^ 0x03cbeeb4;
				 *(_t344 + 0x18) = 0x1a2d0d;
				 *(_t344 + 0x18) =  *(_t344 + 0x18) >> 6;
				_t334 = 9;
				 *(_t344 + 0x18) =  *(_t344 + 0x18) / _t334;
				 *(_t344 + 0x18) =  *(_t344 + 0x18) + 0xffff8a27;
				 *(_t344 + 0x18) =  *(_t344 + 0x18) ^ 0xfffbe0f3;
				 *(_t344 + 0x5c) = 0xa7cc6c;
				 *(_t344 + 0x5c) =  *(_t344 + 0x5c) >> 4;
				 *(_t344 + 0x5c) =  *(_t344 + 0x5c) ^ 0x000a2772;
				 *(_t344 + 0x38) = 0x67bd1;
				_t335 = 0x3d;
				 *(_t344 + 0x38) =  *(_t344 + 0x38) / _t335;
				 *(_t344 + 0x38) =  *(_t344 + 0x38) << 0x10;
				 *(_t344 + 0x38) =  *(_t344 + 0x38) ^ 0x1b333388;
				 *(_t344 + 0x28) = 0xde9e16;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) | 0xff1d3c4c;
				_t336 = 6;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) / _t336;
				_t337 = 0x70;
				 *(_t344 + 0x24) =  *(_t344 + 0x28) / _t337;
				 *(_t344 + 0x24) =  *(_t344 + 0x24) ^ 0x006adbe6;
				 *(_t344 + 0x20) = 0xac092b;
				 *(_t344 + 0x20) =  *(_t344 + 0x20) ^ 0xc14e4d03;
				 *(_t344 + 0x20) =  *(_t344 + 0x20) + 0x9f69;
				 *(_t344 + 0x20) =  *(_t344 + 0x20) ^ 0x18e1fb77;
				 *(_t344 + 0x20) =  *(_t344 + 0x20) ^ 0xd908b9ac;
				 *(_t344 + 0x3c) = 0xd958f8;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) ^ 0xf9ce44cf;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) << 0xe;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) ^ 0xc707f990;
				 *(_t344 + 0x1c) = 0x265505;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) + 0xffff5b39;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) + 0x9a51;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) + 0xc9e0;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) ^ 0x00291d5e;
				 *(_t344 + 0x4c) = 0xea08b8;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) ^ 0xb1227b65;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) * 0x47;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) ^ 0x4e906ac6;
				 *(_t344 + 0x60) = 0x906ac9;
				_t338 = 0x13;
				_t330 =  *((intOrPtr*)(_t344 + 0x78));
				_t342 =  *((intOrPtr*)(_t344 + 0x78));
				 *(_t344 + 0x60) =  *(_t344 + 0x60) * 3;
				 *(_t344 + 0x60) =  *(_t344 + 0x60) ^ 0x01b02f9b;
				 *(_t344 + 0x48) = 0xe018a0;
				 *(_t344 + 0x48) =  *(_t344 + 0x48) >> 3;
				 *(_t344 + 0x48) =  *(_t344 + 0x48) << 4;
				 *(_t344 + 0x48) =  *(_t344 + 0x48) ^ 0x01c3463d;
				 *(_t344 + 0x44) = 0xcf92eb;
				 *(_t344 + 0x44) =  *(_t344 + 0x44) | 0xa78abf74;
				 *(_t344 + 0x44) =  *(_t344 + 0x44) + 0x2871;
				 *(_t344 + 0x44) =  *(_t344 + 0x44) ^ 0xa7cf65bf;
				 *(_t344 + 0x40) = 0xa30b5e;
				 *(_t344 + 0x40) =  *(_t344 + 0x40) / _t338;
				 *(_t344 + 0x40) =  *(_t344 + 0x40) ^ 0xa5b52837;
				 *(_t344 + 0x40) =  *(_t344 + 0x40) ^ 0xa5b9bcfc;
				 *(_t344 + 0x50) = 0x1f98d4;
				 *(_t344 + 0x50) =  *(_t344 + 0x50) ^ 0x1ce7877d;
				 *(_t344 + 0x50) =  *(_t344 + 0x50) >> 9;
				 *(_t344 + 0x50) =  *(_t344 + 0x50) ^ 0x000a2579;
				 *(_t344 + 0x64) = 0x5b61ba;
				 *(_t344 + 0x64) =  *(_t344 + 0x64) + 0xffffd71d;
				 *(_t344 + 0x64) =  *(_t344 + 0x64) ^ 0x005007f5;
				 *(_t344 + 0x2c) = 0xb4bbf5;
				 *(_t344 + 0x2c) =  *(_t344 + 0x2c) ^ 0x03029a47;
				 *(_t344 + 0x2c) =  *(_t344 + 0x2c) >> 0xf;
				 *(_t344 + 0x2c) =  *(_t344 + 0x2c) ^ 0x93b7d07c;
				 *(_t344 + 0x2c) =  *(_t344 + 0x2c) ^ 0x93b00a56;
				 *(_t344 + 0x28) = 0x1351a7;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) >> 9;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) ^ 0xc8bf819f;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) * 0x2d;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) ^ 0x49a4694e;
				 *(_t344 + 0x70) = 0x74ba7c;
				 *(_t344 + 0x70) =  *(_t344 + 0x70) ^ 0x3ad619e0;
				 *(_t344 + 0x70) =  *(_t344 + 0x70) ^ 0x3aa46fbb;
				 *(_t344 + 0x30) = 0x6db52d;
				 *(_t344 + 0x30) =  *(_t344 + 0x30) << 9;
				 *(_t344 + 0x30) =  *(_t344 + 0x30) + 0xffffb915;
				 *(_t344 + 0x30) =  *(_t344 + 0x30) | 0x57796199;
				 *(_t344 + 0x30) =  *(_t344 + 0x30) ^ 0xdf7399d9;
				 *(_t344 + 0x54) = 0x4f3eba;
				 *(_t344 + 0x54) =  *(_t344 + 0x54) + 0xffff5dec;
				 *(_t344 + 0x54) =  *(_t344 + 0x54) << 7;
				 *(_t344 + 0x54) =  *(_t344 + 0x54) ^ 0x274d646c;
				while(1) {
					L1:
					_t316 =  *(_t344 + 0x68);
					while(1) {
						L2:
						_t261 =  *((intOrPtr*)(_t344 + 0x6c));
						L3:
						while(_t288 != 0x42bf5b6) {
							if(_t288 == 0x434f657) {
								_push( *(_t344 + 0x1c));
								_push( *(_t344 + 0x40));
								_push( *(_t344 + 0x28));
								 *((char*)(_t344 + 0x1f)) =  *((intOrPtr*)(_t330 + 1));
								 *(_t344 + 0x1e) =  *((intOrPtr*)(_t330 + 3));
								_t268 = E02BCE1F8(0x2bb1758,  *(_t344 + 0x30), __eflags);
								_push( *(_t330 + 2) & 0x000000ff);
								E02BBF96F( *(_t344 + 0x74), __eflags, 0x10,  *(_t344 + 0x3f) & 0x000000ff, _t268,  *(_t344 + 0x1e) & 0x000000ff,  *((intOrPtr*)(_t344 + 0x84)), _t342 + 0x20,  *(_t330 + 2) & 0x000000ff,  *(_t344 + 0x60),  *((intOrPtr*)(_t344 + 0x58)),  *(_t344 + 0x50));
								_t223 = _t344 + 0x5c; // 0xa2772
								E02BCFECB(_t268,  *((intOrPtr*)(_t344 + 0x90)),  *((intOrPtr*)(_t344 + 0xa0)),  *(_t344 + 0x64),  *_t223);
								_t344 = _t344 + 0x40;
								 *(_t342 + 0x14) = ( *(_t330 + 4) & 0x000000ff) << 0x00000008 |  *(_t330 + 5) & 0x000000ff;
								_t274 =  *((intOrPtr*)(_t330 + 6));
								_t296 =  *((intOrPtr*)(_t330 + 7));
								_t330 = _t330 + 8;
								_t288 = 0x42bf5b6;
								 *(_t342 + 0x44) = (_t274 & 0x000000ff) << 0x00000008 | _t296 & 0x000000ff;
								goto L1;
							} else {
								if(_t288 == 0x4bd14f4) {
									_t326 =  *0x2bd6228; // 0x0
									_t288 = 0x70ba79f;
									_t316 = _t326 + 0x14;
									 *(_t344 + 0x68) = _t316;
									goto L2;
								} else {
									if(_t288 == 0x70ba79f) {
										_t277 = E02BC3D85( *(_t344 + 0x60), 0x2bd6000, __eflags, _t344 + 0x78,  *(_t344 + 0x18));
										_t316 =  *(_t344 + 0x70);
										_t330 = _t277;
										 *((intOrPtr*)(_t344 + 0x7c)) = _t277;
										_t261 = _t277 +  *((intOrPtr*)(_t344 + 0x78));
										 *((intOrPtr*)(_t344 + 0x6c)) = _t261;
										_t288 = 0xc4a3c33;
										continue;
									} else {
										if(_t288 == 0x9fd5b32) {
											__eflags = _t330 - _t261;
											asm("sbb ecx, ecx");
											_t288 = (_t288 & 0x0165beb9) + 0xae47d7a;
											continue;
										} else {
											if(_t288 == 0xae47d7a) {
												E02BD2B09( *((intOrPtr*)(_t344 + 0x78)),  *((intOrPtr*)(_t344 + 0x7c)),  *((intOrPtr*)(_t344 + 0x34)),  *(_t344 + 0x54));
											} else {
												if(_t288 != 0xc4a3c33) {
													L17:
													__eflags = _t288 - 0xd28cf5a;
													if(__eflags != 0) {
														L2:
														_t261 =  *((intOrPtr*)(_t344 + 0x6c));
														continue;
													}
												} else {
													_push(_t288);
													_push(_t288);
													_t342 = E02BBC5D8(0x60);
													_t344 = _t344 + 0xc;
													if(_t342 != 0) {
														_t288 = 0x434f657;
														while(1) {
															L1:
															_t316 =  *(_t344 + 0x68);
															while(1) {
																L2:
																_t261 =  *((intOrPtr*)(_t344 + 0x6c));
																goto L3;
															}
														}
													}
												}
											}
										}
									}
								}
							}
							_t289 =  *0x2bd6228; // 0x0
							 *(_t289 + 0x1c) =  *(_t289 + 0x1c) & 0x00000000;
							 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 0x14));
							__eflags = 1;
							return 1;
						}
						_t262 =  *0x2bd6228; // 0x0
						_t288 = 0x9fd5b32;
						 *_t316 = _t342;
						_t316 = _t342 + 0x18;
						 *(_t344 + 0x68) = _t316;
						_t235 = _t262 + 0x18;
						 *_t235 =  *((intOrPtr*)(_t262 + 0x18)) + 1;
						__eflags =  *_t235;
						goto L17;
					}
				}
			}






















                                                                                                          0x02bd3eec
                                                                                                          0x02bd3ef3
                                                                                                          0x02bd3ef8
                                                                                                          0x02bd3efd
                                                                                                          0x02bd3f05
                                                                                                          0x02bd3f0d
                                                                                                          0x02bd3f15
                                                                                                          0x02bd3f1d
                                                                                                          0x02bd3f2e
                                                                                                          0x02bd3f38
                                                                                                          0x02bd3f3d
                                                                                                          0x02bd3f43
                                                                                                          0x02bd3f48
                                                                                                          0x02bd3f50
                                                                                                          0x02bd3f58
                                                                                                          0x02bd3f60
                                                                                                          0x02bd3f65
                                                                                                          0x02bd3f6d
                                                                                                          0x02bd3f75
                                                                                                          0x02bd3f7e
                                                                                                          0x02bd3f83
                                                                                                          0x02bd3f89
                                                                                                          0x02bd3f91
                                                                                                          0x02bd3f99
                                                                                                          0x02bd3fa1
                                                                                                          0x02bd3fa6
                                                                                                          0x02bd3fae
                                                                                                          0x02bd3fba
                                                                                                          0x02bd3fbf
                                                                                                          0x02bd3fc5
                                                                                                          0x02bd3fca
                                                                                                          0x02bd3fd2
                                                                                                          0x02bd3fda
                                                                                                          0x02bd3fe6
                                                                                                          0x02bd3feb
                                                                                                          0x02bd3ff5
                                                                                                          0x02bd3ff8
                                                                                                          0x02bd3ffc
                                                                                                          0x02bd4004
                                                                                                          0x02bd400c
                                                                                                          0x02bd4014
                                                                                                          0x02bd401c
                                                                                                          0x02bd4024
                                                                                                          0x02bd402c
                                                                                                          0x02bd4034
                                                                                                          0x02bd403c
                                                                                                          0x02bd4041
                                                                                                          0x02bd4049
                                                                                                          0x02bd4051
                                                                                                          0x02bd4059
                                                                                                          0x02bd4061
                                                                                                          0x02bd4069
                                                                                                          0x02bd4071
                                                                                                          0x02bd4079
                                                                                                          0x02bd4086
                                                                                                          0x02bd408a
                                                                                                          0x02bd4094
                                                                                                          0x02bd40a3
                                                                                                          0x02bd40a4
                                                                                                          0x02bd40a8
                                                                                                          0x02bd40ac
                                                                                                          0x02bd40b0
                                                                                                          0x02bd40b8
                                                                                                          0x02bd40c0
                                                                                                          0x02bd40c5
                                                                                                          0x02bd40ca
                                                                                                          0x02bd40d2
                                                                                                          0x02bd40da
                                                                                                          0x02bd40e2
                                                                                                          0x02bd40ea
                                                                                                          0x02bd40f2
                                                                                                          0x02bd4100
                                                                                                          0x02bd4104
                                                                                                          0x02bd410c
                                                                                                          0x02bd4114
                                                                                                          0x02bd411c
                                                                                                          0x02bd4124
                                                                                                          0x02bd4129
                                                                                                          0x02bd4131
                                                                                                          0x02bd4139
                                                                                                          0x02bd4141
                                                                                                          0x02bd4149
                                                                                                          0x02bd4151
                                                                                                          0x02bd4159
                                                                                                          0x02bd415e
                                                                                                          0x02bd4166
                                                                                                          0x02bd416e
                                                                                                          0x02bd4176
                                                                                                          0x02bd417b
                                                                                                          0x02bd4188
                                                                                                          0x02bd418c
                                                                                                          0x02bd4194
                                                                                                          0x02bd419c
                                                                                                          0x02bd41a4
                                                                                                          0x02bd41ac
                                                                                                          0x02bd41b4
                                                                                                          0x02bd41b9
                                                                                                          0x02bd41c1
                                                                                                          0x02bd41c9
                                                                                                          0x02bd41d1
                                                                                                          0x02bd41d9
                                                                                                          0x02bd41e1
                                                                                                          0x02bd41e6
                                                                                                          0x02bd41ee
                                                                                                          0x02bd41ee
                                                                                                          0x02bd41ee
                                                                                                          0x02bd41f2
                                                                                                          0x02bd41f2
                                                                                                          0x02bd41f2
                                                                                                          0x00000000
                                                                                                          0x02bd41f6
                                                                                                          0x02bd4208
                                                                                                          0x02bd42d3
                                                                                                          0x02bd42df
                                                                                                          0x02bd42e5
                                                                                                          0x02bd42f0
                                                                                                          0x02bd42f7
                                                                                                          0x02bd42fb
                                                                                                          0x02bd430a
                                                                                                          0x02bd4335
                                                                                                          0x02bd433a
                                                                                                          0x02bd4352
                                                                                                          0x02bd435b
                                                                                                          0x02bd4369
                                                                                                          0x02bd436d
                                                                                                          0x02bd4370
                                                                                                          0x02bd4373
                                                                                                          0x02bd437c
                                                                                                          0x02bd4388
                                                                                                          0x00000000
                                                                                                          0x02bd420e
                                                                                                          0x02bd4214
                                                                                                          0x02bd42bc
                                                                                                          0x02bd42c2
                                                                                                          0x02bd42c7
                                                                                                          0x02bd42ca
                                                                                                          0x00000000
                                                                                                          0x02bd421a
                                                                                                          0x02bd4220
                                                                                                          0x02bd4299
                                                                                                          0x02bd429e
                                                                                                          0x02bd42a2
                                                                                                          0x02bd42a5
                                                                                                          0x02bd42a9
                                                                                                          0x02bd42ae
                                                                                                          0x02bd42b2
                                                                                                          0x00000000
                                                                                                          0x02bd4222
                                                                                                          0x02bd4228
                                                                                                          0x02bd4272
                                                                                                          0x02bd4274
                                                                                                          0x02bd427c
                                                                                                          0x00000000
                                                                                                          0x02bd422a
                                                                                                          0x02bd4230
                                                                                                          0x02bd43c4
                                                                                                          0x02bd4236
                                                                                                          0x02bd423c
                                                                                                          0x02bd43a7
                                                                                                          0x02bd43a7
                                                                                                          0x02bd43ad
                                                                                                          0x02bd41f2
                                                                                                          0x02bd41f2
                                                                                                          0x00000000
                                                                                                          0x02bd41f2
                                                                                                          0x02bd4242
                                                                                                          0x02bd4252
                                                                                                          0x02bd4253
                                                                                                          0x02bd425b
                                                                                                          0x02bd425d
                                                                                                          0x02bd4262
                                                                                                          0x02bd4268
                                                                                                          0x02bd41ee
                                                                                                          0x02bd41ee
                                                                                                          0x02bd41ee
                                                                                                          0x02bd41f2
                                                                                                          0x02bd41f2
                                                                                                          0x02bd41f2
                                                                                                          0x00000000
                                                                                                          0x02bd41f2
                                                                                                          0x02bd41f2
                                                                                                          0x02bd41ee
                                                                                                          0x02bd4262
                                                                                                          0x02bd423c
                                                                                                          0x02bd4230
                                                                                                          0x02bd4228
                                                                                                          0x02bd4220
                                                                                                          0x02bd4214
                                                                                                          0x02bd43cb
                                                                                                          0x02bd43d7
                                                                                                          0x02bd43db
                                                                                                          0x02bd43e0
                                                                                                          0x02bd43e5
                                                                                                          0x02bd43e5
                                                                                                          0x02bd4391
                                                                                                          0x02bd4396
                                                                                                          0x02bd439b
                                                                                                          0x02bd439d
                                                                                                          0x02bd43a0
                                                                                                          0x02bd43a4
                                                                                                          0x02bd43a4
                                                                                                          0x02bd43a4
                                                                                                          0x00000000
                                                                                                          0x02bd43a4
                                                                                                          0x02bd41f2

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ldM'$q($r'$y%$z}
                                                                                                          • API String ID: 0-1771948706
                                                                                                          • Opcode ID: 099275a1d6c27dae03a81d393979490dc09aba0cdad4b47e49a183abbac98ee4
                                                                                                          • Instruction ID: 6cea4425e56d44bc4f8544650d8e8b65b6abdcaad397e829d525a49c469f301d
                                                                                                          • Opcode Fuzzy Hash: 099275a1d6c27dae03a81d393979490dc09aba0cdad4b47e49a183abbac98ee4
                                                                                                          • Instruction Fuzzy Hash: 8BD132711083819FD368CF25C48959BBFF2FB95358F148A0DF2A696260E3B5C949CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBFB8E, Relevance: 6.5, Strings: 5, Instructions: 266COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BBFB8E(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				void* _t261;
				intOrPtr* _t284;
				void* _t286;
				intOrPtr _t294;
				intOrPtr* _t295;
				void* _t297;
				intOrPtr* _t299;
				void* _t301;
				void* _t325;
				intOrPtr* _t327;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				signed int* _t337;

				_t299 = _a4;
				_push(_a8);
				_t327 = __edx;
				_push(_t299);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t261);
				_v92 = 0x4ad2af;
				_t337 =  &(( &_v124)[4]);
				_v92 = _v92 << 4;
				_t325 = 0;
				_t301 = 0xeae8bd1;
				_t328 = 0x27;
				_v92 = _v92 * 0x30;
				_v92 = _v92 ^ 0xe0780d01;
				_v32 = 0x52ecdf;
				_v32 = _v32 | 0x4795fc12;
				_v32 = _v32 ^ 0x47d7fcde;
				_v40 = 0x6c24d1;
				_v40 = _v40 + 0xffffd677;
				_v40 = _v40 ^ 0x006bfb48;
				_v124 = 0xafb159;
				_v124 = _v124 + 0x853c;
				_v124 = _v124 * 0x3c;
				_v124 = _v124 + 0xffffb483;
				_v124 = _v124 ^ 0x294c7f6f;
				_v116 = 0x2e5989;
				_v116 = _v116 << 3;
				_v116 = _v116 << 0xc;
				_v116 = _v116 + 0xffff32fd;
				_v116 = _v116 ^ 0x2cc3b2fd;
				_v104 = 0xb70fe2;
				_v104 = _v104 * 0x61;
				_v104 = _v104 >> 0xd;
				_v104 = _v104 >> 9;
				_v104 = _v104 ^ 0x00000115;
				_v20 = 0x29c7ba;
				_v20 = _v20 / _t328;
				_v20 = _v20 ^ 0x0001123f;
				_v44 = 0xd235de;
				_t329 = 0x19;
				_v44 = _v44 * 0x34;
				_v44 = _v44 ^ 0x2ab83bf3;
				_v120 = 0x2b8a20;
				_v120 = _v120 / _t329;
				_v120 = _v120 + 0xd97b;
				_v120 = _v120 + 0x9745;
				_v120 = _v120 ^ 0x00091694;
				_v80 = 0x44ed89;
				_v80 = _v80 << 8;
				_v80 = _v80 + 0x6d47;
				_v80 = _v80 ^ 0x44e06617;
				_v84 = 0x8c3da4;
				_v84 = _v84 << 3;
				_v84 = _v84 + 0xffff28ee;
				_v84 = _v84 ^ 0x04621daf;
				_v88 = 0x7b0e01;
				_t330 = 0x2a;
				_v88 = _v88 * 0x7e;
				_v88 = _v88 / _t330;
				_v88 = _v88 ^ 0x01771ea0;
				_v48 = 0xf210e7;
				_t331 = 0x56;
				_v48 = _v48 / _t331;
				_v48 = _v48 ^ 0x000151ed;
				_v52 = 0xb85aaa;
				_v52 = _v52 ^ 0x7279f80c;
				_v52 = _v52 ^ 0x72c0fdc9;
				_v108 = 0xe210ad;
				_v108 = _v108 + 0xffffc30f;
				_v108 = _v108 ^ 0xff005d9c;
				_v108 = _v108 ^ 0x468aee4e;
				_v108 = _v108 ^ 0xb96c249f;
				_v36 = 0xf02045;
				_t332 = 0x7e;
				_v36 = _v36 * 0x7d;
				_v36 = _v36 ^ 0x753d6877;
				_v76 = 0x890c0b;
				_v76 = _v76 | 0x3fa19484;
				_v76 = _v76 + 0xc76f;
				_v76 = _v76 ^ 0x3fa932ba;
				_v112 = 0xdcee96;
				_v112 = _v112 << 0xb;
				_v112 = _v112 / _t332;
				_v112 = _v112 ^ 0x6c4d9ccb;
				_v112 = _v112 ^ 0x6d94fd95;
				_v56 = 0x741505;
				_t333 = 0x1d;
				_v56 = _v56 / _t333;
				_v56 = _v56 + 0xe34c;
				_v56 = _v56 ^ 0x00059e64;
				_v24 = 0xde7835;
				_t334 = 0x73;
				_v24 = _v24 * 7;
				_v24 = _v24 ^ 0x0614b333;
				_v28 = 0x817a7e;
				_v28 = _v28 + 0x50ff;
				_v28 = _v28 ^ 0x008db9da;
				_v60 = 0x30460f;
				_v60 = _v60 | 0x5b476089;
				_v60 = _v60 + 0x7857;
				_v60 = _v60 ^ 0x5b7b85ad;
				_v64 = 0x3287c5;
				_v64 = _v64 >> 0x10;
				_v64 = _v64 | 0xf6bf374a;
				_v64 = _v64 ^ 0xf6be02d9;
				_v68 = 0xbf5def;
				_v68 = _v68 + 0xffff47b3;
				_v68 = _v68 + 0xffff0d11;
				_v68 = _v68 ^ 0x00bf58a8;
				_v72 = 0xc5c956;
				_v72 = _v72 ^ 0x0920ed5d;
				_v72 = _v72 / _t334;
				_v72 = _v72 ^ 0x00102287;
				_v16 = 0x6e7810;
				_v16 = _v16 + 0xffff2e79;
				_v16 = _v16 ^ 0x0061adb7;
				_v96 = 0xe3f1bb;
				_v96 = _v96 | 0x17c89f2a;
				_v96 = _v96 ^ 0x2d56d01e;
				_v96 = _v96 ^ 0x01e2669f;
				_v96 = _v96 ^ 0x3b5230bc;
				_v100 = 0x967d31;
				_v100 = _v100 | 0xebdf376e;
				_v100 = _v100 + 0x87ad;
				_v100 = _v100 ^ 0xebeed43d;
				do {
					while(_t301 != 0x242fff5) {
						if(_t301 == 0x95dc10a) {
							_push(_t301);
							_push(_t301);
							_t294 = E02BBC5D8(_v8);
							_t337 =  &(_t337[3]);
							_v12 = _t294;
							if(_t294 != 0) {
								_t301 = 0x242fff5;
								continue;
							}
						} else {
							if(_t301 == 0xb01d963) {
								_t295 =  *0x2bd6224; // 0x0
								_t297 = E02BB2194(_v40, _v44, _t301, _v120, _v80, _v124, _v84, _v88, _t301, _v48,  *_t327, _v52,  &_v8,  *((intOrPtr*)(_t327 + 4)), _v92,  *_t295, _t325);
								_t337 =  &(_t337[0xf]);
								if(_t297 == _v116) {
									_t301 = 0x95dc10a;
									continue;
								}
							} else {
								if(_t301 == 0xb93db5b) {
									E02BD2B09(_v16, _v12, _v96, _v100);
								} else {
									if(_t301 != 0xeae8bd1) {
										goto L13;
									} else {
										_t301 = 0xb01d963;
										continue;
									}
								}
							}
						}
						L17:
						return _t325;
					}
					_t284 =  *0x2bd6224; // 0x0
					_t286 = E02BB2194(_v8, _v56, _t301, _v24, _v28, _v104, _v60, _v64, _t301, _v68,  *_t327, _v72,  &_v8,  *((intOrPtr*)(_t327 + 4)), _v32,  *_t284, _v12);
					_t337 =  &(_t337[0xf]);
					if(_t286 == _v20) {
						 *_t299 = _v12;
						_t325 = 1;
						 *((intOrPtr*)(_t299 + 4)) = _v8;
					} else {
						_t301 = 0xb93db5b;
						goto L13;
					}
					goto L17;
					L13:
				} while (_t301 != 0xf5a5c60);
				goto L17;
			}



















































                                                                                                          0x02bbfb92
                                                                                                          0x02bbfb9c
                                                                                                          0x02bbfba3
                                                                                                          0x02bbfba5
                                                                                                          0x02bbfba6
                                                                                                          0x02bbfba7
                                                                                                          0x02bbfba8
                                                                                                          0x02bbfbad
                                                                                                          0x02bbfbb5
                                                                                                          0x02bbfbb8
                                                                                                          0x02bbfbc4
                                                                                                          0x02bbfbc6
                                                                                                          0x02bbfbcd
                                                                                                          0x02bbfbd0
                                                                                                          0x02bbfbd4
                                                                                                          0x02bbfbdc
                                                                                                          0x02bbfbe4
                                                                                                          0x02bbfbec
                                                                                                          0x02bbfbf4
                                                                                                          0x02bbfbfc
                                                                                                          0x02bbfc04
                                                                                                          0x02bbfc0c
                                                                                                          0x02bbfc14
                                                                                                          0x02bbfc21
                                                                                                          0x02bbfc25
                                                                                                          0x02bbfc2d
                                                                                                          0x02bbfc35
                                                                                                          0x02bbfc3d
                                                                                                          0x02bbfc42
                                                                                                          0x02bbfc47
                                                                                                          0x02bbfc4f
                                                                                                          0x02bbfc57
                                                                                                          0x02bbfc64
                                                                                                          0x02bbfc68
                                                                                                          0x02bbfc6d
                                                                                                          0x02bbfc72
                                                                                                          0x02bbfc7a
                                                                                                          0x02bbfc8a
                                                                                                          0x02bbfc8e
                                                                                                          0x02bbfc96
                                                                                                          0x02bbfca3
                                                                                                          0x02bbfca6
                                                                                                          0x02bbfcaa
                                                                                                          0x02bbfcb2
                                                                                                          0x02bbfcc2
                                                                                                          0x02bbfcc6
                                                                                                          0x02bbfcce
                                                                                                          0x02bbfcd6
                                                                                                          0x02bbfcde
                                                                                                          0x02bbfce6
                                                                                                          0x02bbfceb
                                                                                                          0x02bbfcf3
                                                                                                          0x02bbfcfb
                                                                                                          0x02bbfd03
                                                                                                          0x02bbfd08
                                                                                                          0x02bbfd10
                                                                                                          0x02bbfd18
                                                                                                          0x02bbfd25
                                                                                                          0x02bbfd26
                                                                                                          0x02bbfd30
                                                                                                          0x02bbfd34
                                                                                                          0x02bbfd3e
                                                                                                          0x02bbfd4c
                                                                                                          0x02bbfd51
                                                                                                          0x02bbfd57
                                                                                                          0x02bbfd5f
                                                                                                          0x02bbfd67
                                                                                                          0x02bbfd6f
                                                                                                          0x02bbfd77
                                                                                                          0x02bbfd7f
                                                                                                          0x02bbfd87
                                                                                                          0x02bbfd8f
                                                                                                          0x02bbfd97
                                                                                                          0x02bbfd9f
                                                                                                          0x02bbfdac
                                                                                                          0x02bbfdaf
                                                                                                          0x02bbfdb3
                                                                                                          0x02bbfdbb
                                                                                                          0x02bbfdc3
                                                                                                          0x02bbfdcb
                                                                                                          0x02bbfdd3
                                                                                                          0x02bbfddb
                                                                                                          0x02bbfde3
                                                                                                          0x02bbfdf0
                                                                                                          0x02bbfdf4
                                                                                                          0x02bbfdfc
                                                                                                          0x02bbfe04
                                                                                                          0x02bbfe10
                                                                                                          0x02bbfe15
                                                                                                          0x02bbfe1b
                                                                                                          0x02bbfe23
                                                                                                          0x02bbfe2b
                                                                                                          0x02bbfe38
                                                                                                          0x02bbfe39
                                                                                                          0x02bbfe3d
                                                                                                          0x02bbfe45
                                                                                                          0x02bbfe4d
                                                                                                          0x02bbfe55
                                                                                                          0x02bbfe5d
                                                                                                          0x02bbfe65
                                                                                                          0x02bbfe6d
                                                                                                          0x02bbfe75
                                                                                                          0x02bbfe7d
                                                                                                          0x02bbfe85
                                                                                                          0x02bbfe8a
                                                                                                          0x02bbfe92
                                                                                                          0x02bbfe9a
                                                                                                          0x02bbfea2
                                                                                                          0x02bbfeaa
                                                                                                          0x02bbfeb2
                                                                                                          0x02bbfeba
                                                                                                          0x02bbfec2
                                                                                                          0x02bbfed0
                                                                                                          0x02bbfed4
                                                                                                          0x02bbfedc
                                                                                                          0x02bbfee4
                                                                                                          0x02bbfeec
                                                                                                          0x02bbfef4
                                                                                                          0x02bbfefc
                                                                                                          0x02bbff04
                                                                                                          0x02bbff0c
                                                                                                          0x02bbff14
                                                                                                          0x02bbff1c
                                                                                                          0x02bbff24
                                                                                                          0x02bbff31
                                                                                                          0x02bbff39
                                                                                                          0x02bbff41
                                                                                                          0x02bbff41
                                                                                                          0x02bbff4f
                                                                                                          0x02bbffed
                                                                                                          0x02bbffee
                                                                                                          0x02bbfff6
                                                                                                          0x02bbfffb
                                                                                                          0x02bbfffe
                                                                                                          0x02bc0007
                                                                                                          0x02bc000d
                                                                                                          0x00000000
                                                                                                          0x02bc000d
                                                                                                          0x02bbff55
                                                                                                          0x02bbff5b
                                                                                                          0x02bbff7c
                                                                                                          0x02bbffc1
                                                                                                          0x02bbffc6
                                                                                                          0x02bbffcd
                                                                                                          0x02bbffd3
                                                                                                          0x00000000
                                                                                                          0x02bbffd3
                                                                                                          0x02bbff5d
                                                                                                          0x02bbff63
                                                                                                          0x02bc009c
                                                                                                          0x02bbff69
                                                                                                          0x02bbff6f
                                                                                                          0x00000000
                                                                                                          0x02bbff75
                                                                                                          0x02bbff75
                                                                                                          0x00000000
                                                                                                          0x02bbff75
                                                                                                          0x02bbff6f
                                                                                                          0x02bbff63
                                                                                                          0x02bbff5b
                                                                                                          0x02bc00bb
                                                                                                          0x02bc00c4
                                                                                                          0x02bc00c4
                                                                                                          0x02bc001b
                                                                                                          0x02bc0065
                                                                                                          0x02bc006a
                                                                                                          0x02bc0071
                                                                                                          0x02bc00ae
                                                                                                          0x02bc00b0
                                                                                                          0x02bc00b8
                                                                                                          0x02bc0073
                                                                                                          0x02bc0073
                                                                                                          0x00000000
                                                                                                          0x02bc0073
                                                                                                          0x00000000
                                                                                                          0x02bc0078
                                                                                                          0x02bc0078
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Gm$L$Wx$] $wh=u
                                                                                                          • API String ID: 0-1494249286
                                                                                                          • Opcode ID: 507b33174efc95957f3e9cc52b2bfc9ca88b92acf050cc52ef0cfb07422bff98
                                                                                                          • Instruction ID: 622bb7db6501001f614acea7d06fb7934894bb2ed83216e87b1006cf28cff6ba
                                                                                                          • Opcode Fuzzy Hash: 507b33174efc95957f3e9cc52b2bfc9ca88b92acf050cc52ef0cfb07422bff98
                                                                                                          • Instruction Fuzzy Hash: 43D11F724093809FD768CF65C88995BFBF2FB89758F20891DF29586260D7B28949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC8D3D, Relevance: 6.4, Strings: 5, Instructions: 143COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02BC8D3D() {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _t139;
				intOrPtr _t141;
				intOrPtr _t147;
				signed int _t151;
				signed int _t152;
				signed int _t153;
				signed int _t154;
				intOrPtr* _t155;
				signed int _t170;
				void* _t172;
				signed int* _t174;

				_t174 =  &_v60;
				_v4 = _v4 & 0x00000000;
				_v16 = 0xb96ea3;
				_v12 = 0x2b597c;
				_v8 = 0x15d14c;
				_v24 = 0xfb9f01;
				_v24 = _v24 + 0xffffc2ea;
				_v24 = _v24 ^ 0x00f09b24;
				_v28 = 0x44d8ac;
				_v28 = _v28 << 2;
				_v28 = _v28 ^ 0x0118b46b;
				_v56 = 0xb4bcfb;
				_v56 = _v56 >> 0x10;
				_v56 = _v56 + 0x1918;
				_t151 = 0x33;
				_v56 = _v56 / _t151;
				_t172 = 0x18a299a;
				_v56 = _v56 ^ 0x00075f97;
				_v60 = 0x54631c;
				_t152 = 0x32;
				_v60 = _v60 / _t152;
				_v60 = _v60 + 0xe0cb;
				_v60 = _v60 + 0x7b8a;
				_v60 = _v60 ^ 0x000a1fda;
				_v32 = 0x2b0ed;
				_v32 = _v32 >> 0xb;
				_v32 = _v32 | 0x09ea9e28;
				_v32 = _v32 ^ 0x09ed7baa;
				_v48 = 0x16a7f0;
				_v48 = _v48 << 6;
				_t170 = 0x54;
				_v48 = _v48 / _t170;
				_t153 = 0x50;
				_v48 = _v48 / _t153;
				_v48 = _v48 ^ 0x000d9328;
				_v52 = 0x3f1fdb;
				_v52 = _v52 | 0x0053e637;
				_v52 = _v52 ^ 0xce168c33;
				_v52 = _v52 >> 4;
				_v52 = _v52 ^ 0x0ce6f5f4;
				_v36 = 0x33e495;
				_v36 = _v36 + 0xc7cc;
				_v36 = _v36 / _t170;
				_v36 = _v36 + 0x230d;
				_v36 = _v36 ^ 0x000308d4;
				_v40 = 0xaa804b;
				_t139 = _v40;
				_t154 = 0x42;
				_t169 = _t139 % _t154;
				_v40 = _t139 / _t154;
				_v40 = _v40 + 0xffff246c;
				_v40 = _v40 >> 7;
				_v40 = _v40 ^ 0x000d5f20;
				_v44 = 0x5ad1c5;
				_v44 = _v44 + 0x4d5e;
				_v44 = _v44 + 0xffff9f53;
				_v44 = _v44 + 0xffff11b0;
				_v44 = _v44 ^ 0x005bbdbb;
				_v20 = 0x89125f;
				_v20 = _v20 ^ 0x0bb83411;
				_v20 = _v20 ^ 0x0b3ba340;
				_t155 =  *0x2bd6208; // 0x0
				do {
					while(_t172 != 0x550abf) {
						if(_t172 == 0x18a299a) {
							_push(_t155);
							_push(_t155);
							_t155 = E02BBC5D8(0x2c);
							_t174 =  &(_t174[3]);
							 *0x2bd6208 = _t155;
							_t172 = 0x550abf;
							continue;
						} else {
							if(_t172 != 0x6125a42) {
								goto L8;
							} else {
								_t147 = E02BC0EBC(_v36, _t169, _v40, _t155, _v44, _v20, _t155, _t155, 0, E02BD36AA);
								_t155 =  *0x2bd6208; // 0x0
								 *_t155 = _t147;
							}
						}
						L5:
						return 0 | _t155 != 0x00000000;
					}
					_t169 = _v48;
					_t141 = E02BB48DD(_v32, _v48, _v52);
					_t155 =  *0x2bd6208; // 0x0
					_t174 = _t174 - 0x10 + 0x14;
					_t172 = 0x6125a42;
					 *((intOrPtr*)(_t155 + 0x18)) = _t141;
					L8:
				} while (_t172 != 0x92686f5);
				goto L5;
			}





























                                                                                                          0x02bc8d3d
                                                                                                          0x02bc8d40
                                                                                                          0x02bc8d47
                                                                                                          0x02bc8d4f
                                                                                                          0x02bc8d57
                                                                                                          0x02bc8d5f
                                                                                                          0x02bc8d67
                                                                                                          0x02bc8d6f
                                                                                                          0x02bc8d77
                                                                                                          0x02bc8d7f
                                                                                                          0x02bc8d84
                                                                                                          0x02bc8d8c
                                                                                                          0x02bc8d94
                                                                                                          0x02bc8d99
                                                                                                          0x02bc8dab
                                                                                                          0x02bc8db5
                                                                                                          0x02bc8db9
                                                                                                          0x02bc8dbb
                                                                                                          0x02bc8dc3
                                                                                                          0x02bc8dd1
                                                                                                          0x02bc8dd6
                                                                                                          0x02bc8dda
                                                                                                          0x02bc8de2
                                                                                                          0x02bc8dea
                                                                                                          0x02bc8df2
                                                                                                          0x02bc8dfa
                                                                                                          0x02bc8dff
                                                                                                          0x02bc8e07
                                                                                                          0x02bc8e0f
                                                                                                          0x02bc8e17
                                                                                                          0x02bc8e22
                                                                                                          0x02bc8e27
                                                                                                          0x02bc8e31
                                                                                                          0x02bc8e36
                                                                                                          0x02bc8e3a
                                                                                                          0x02bc8e42
                                                                                                          0x02bc8e4a
                                                                                                          0x02bc8e52
                                                                                                          0x02bc8e5a
                                                                                                          0x02bc8e5f
                                                                                                          0x02bc8e67
                                                                                                          0x02bc8e6f
                                                                                                          0x02bc8e7f
                                                                                                          0x02bc8e85
                                                                                                          0x02bc8e8d
                                                                                                          0x02bc8e95
                                                                                                          0x02bc8e9d
                                                                                                          0x02bc8ea1
                                                                                                          0x02bc8ea2
                                                                                                          0x02bc8ea4
                                                                                                          0x02bc8ea8
                                                                                                          0x02bc8eb0
                                                                                                          0x02bc8eb5
                                                                                                          0x02bc8ebd
                                                                                                          0x02bc8ec5
                                                                                                          0x02bc8ecd
                                                                                                          0x02bc8ed5
                                                                                                          0x02bc8ee2
                                                                                                          0x02bc8eef
                                                                                                          0x02bc8ef7
                                                                                                          0x02bc8eff
                                                                                                          0x02bc8f07
                                                                                                          0x02bc8f0d
                                                                                                          0x02bc8f0d
                                                                                                          0x02bc8f13
                                                                                                          0x02bc8f66
                                                                                                          0x02bc8f67
                                                                                                          0x02bc8f6f
                                                                                                          0x02bc8f71
                                                                                                          0x02bc8f74
                                                                                                          0x02bc8f7a
                                                                                                          0x00000000
                                                                                                          0x02bc8f15
                                                                                                          0x02bc8f17
                                                                                                          0x00000000
                                                                                                          0x02bc8f1d
                                                                                                          0x02bc8f37
                                                                                                          0x02bc8f3c
                                                                                                          0x02bc8f45
                                                                                                          0x02bc8f45
                                                                                                          0x02bc8f17
                                                                                                          0x02bc8f48
                                                                                                          0x02bc8f55
                                                                                                          0x02bc8f55
                                                                                                          0x02bc8f85
                                                                                                          0x02bc8f8d
                                                                                                          0x02bc8f92
                                                                                                          0x02bc8f98
                                                                                                          0x02bc8f9b
                                                                                                          0x02bc8f9d
                                                                                                          0x02bc8fa0
                                                                                                          0x02bc8fa0
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #$ _$7S$^M$|Y+
                                                                                                          • API String ID: 0-3744723356
                                                                                                          • Opcode ID: 9f203dccc28dc55807583b025ef5e19ef4f715a4a73a1e5a181349034cabeaa9
                                                                                                          • Instruction ID: d38b916fb2295734850382ccfc9b98e8352679c4a84a76a6663bbb6cd5533ce9
                                                                                                          • Opcode Fuzzy Hash: 9f203dccc28dc55807583b025ef5e19ef4f715a4a73a1e5a181349034cabeaa9
                                                                                                          • Instruction Fuzzy Hash: 4C5144719083419FD348DF25D48A54BBBE1FBC8768F108E1DF099A6260D3B58A49CF8A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC437A, Relevance: 5.4, Strings: 4, Instructions: 412COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 82%
                                                                                                          			E02BC437A(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				intOrPtr* _v156;
				intOrPtr _v168;
				char _v228;
				short _v772;
				short _v774;
				char _v776;
				signed int _v820;
				char _v1340;
				char _v1860;
				void* _t400;
				signed int _t441;
				signed int _t445;
				intOrPtr _t447;
				intOrPtr _t458;
				void* _t460;
				void* _t508;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t524;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				intOrPtr* _t534;
				void* _t537;
				void* _t538;

				_t458 = _a24;
				_push(_t458);
				_push(_a20);
				_t534 = __ecx;
				_push(_a16);
				_v156 = __ecx;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t400);
				_v152 = 0x1ee029;
				_t538 = _t537 + 0x20;
				_t460 = 0xf0aa094;
				_t519 = 0x59;
				_v152 = _v152 * 0x53;
				_v152 = _v152 ^ 0x0a02ad5b;
				_v120 = 0x2e5311;
				_v120 = _v120 ^ 0xe660d2f8;
				_v120 = _v120 ^ 0xe649fc28;
				_v80 = 0x91358;
				_v80 = _v80 * 0x29;
				_v80 = _v80 | 0x1917a6d7;
				_v80 = _v80 ^ 0x197ed78c;
				_v96 = 0x864d8a;
				_v96 = _v96 * 0x68;
				_v96 = _v96 / _t519;
				_v96 = _v96 ^ 0x00977d81;
				_v104 = 0x73430f;
				_t520 = 0x22;
				_v104 = _v104 / _t520;
				_v104 = _v104 << 7;
				_v104 = _v104 ^ 0x01b21e30;
				_v128 = 0x2ef155;
				_t521 = 0xc;
				_v128 = _v128 / _t521;
				_v128 = _v128 ^ 0x0005732d;
				_v12 = 0x61311f;
				_t522 = 0x51;
				_v12 = _v12 / _t522;
				_v12 = _v12 >> 0xa;
				_v12 = _v12 << 9;
				_v12 = _v12 ^ 0x00018224;
				_v112 = 0x2a9ecd;
				_v112 = _v112 << 8;
				_v112 = _v112 + 0x4b18;
				_v112 = _v112 ^ 0x2a91adfb;
				_v44 = 0x8c67a3;
				_v44 = _v44 + 0xbf2c;
				_t523 = 0x1a;
				_v44 = _v44 / _t523;
				_v44 = _v44 << 0xc;
				_v44 = _v44 ^ 0x56d2d87d;
				_v20 = 0xb2272e;
				_t524 = 0x6b;
				_v20 = _v20 / _t524;
				_v20 = _v20 << 5;
				_v20 = _v20 + 0xffffd823;
				_v20 = _v20 ^ 0x003105de;
				_v144 = 0x2b3b33;
				_t525 = 0x2b;
				_v144 = _v144 * 0x23;
				_v144 = _v144 ^ 0x05e29440;
				_v52 = 0xfb7274;
				_v52 = _v52 + 0xffff2a15;
				_v52 = _v52 + 0xffff332b;
				_v52 = _v52 >> 9;
				_v52 = _v52 ^ 0x000fdf14;
				_v88 = 0xc646f0;
				_v88 = _v88 >> 1;
				_v88 = _v88 + 0xffff0542;
				_v88 = _v88 ^ 0x0060230d;
				_v136 = 0x21355;
				_v136 = _v136 + 0x6ddd;
				_v136 = _v136 ^ 0x000c09c4;
				_v148 = 0xba736e;
				_v148 = _v148 + 0xffff584e;
				_v148 = _v148 ^ 0x00bc780c;
				_v72 = 0xf06361;
				_v72 = _v72 >> 4;
				_v72 = _v72 ^ 0xd5eeb61d;
				_v72 = _v72 ^ 0xd5e3ba03;
				_v68 = 0x39c1e1;
				_v68 = _v68 / _t525;
				_v68 = _v68 << 0xc;
				_v68 = _v68 ^ 0x157dcab9;
				_v28 = 0x7b1c58;
				_v28 = _v28 + 0x44f9;
				_v28 = _v28 + 0xe0d1;
				_v28 = _v28 | 0x2c17f99e;
				_v28 = _v28 ^ 0x2c795b23;
				_v8 = 0x6811e0;
				_t526 = 0x7d;
				_v8 = _v8 / _t526;
				_t527 = 0x6c;
				_v8 = _v8 / _t527;
				_t528 = 6;
				_v8 = _v8 / _t528;
				_v8 = _v8 ^ 0x00012ce9;
				_v84 = 0x1c9c1b;
				_v84 = _v84 ^ 0x05ddd281;
				_v84 = _v84 >> 5;
				_v84 = _v84 ^ 0x002853b0;
				_v76 = 0xb1555b;
				_v76 = _v76 << 7;
				_v76 = _v76 * 0x47;
				_v76 = _v76 ^ 0x9758833c;
				_v36 = 0x114b6d;
				_v36 = _v36 ^ 0x431dffba;
				_v36 = _v36 >> 3;
				_v36 = _v36 + 0x181d;
				_v36 = _v36 ^ 0x086a5704;
				_v60 = 0xa17b63;
				_v60 = _v60 ^ 0x190e6497;
				_v60 = _v60 ^ 0xa9f7cd41;
				_v60 = _v60 << 9;
				_v60 = _v60 ^ 0xb1a3277b;
				_v24 = 0xc713d;
				_v24 = _v24 + 0xc399;
				_v24 = _v24 << 4;
				_v24 = _v24 + 0xfffffd24;
				_v24 = _v24 ^ 0x00d339a4;
				_v16 = 0xef5337;
				_t529 = 0x2b;
				_v16 = _v16 / _t529;
				_v16 = _v16 | 0x2bad32d2;
				_v16 = _v16 + 0xfffffea2;
				_v16 = _v16 ^ 0x2bafb8a8;
				_v100 = 0x51ad29;
				_v100 = _v100 << 0xd;
				_v100 = _v100 ^ 0x8b9fc663;
				_v100 = _v100 ^ 0xbe3a4459;
				_v92 = 0x2bdd9f;
				_t530 = 0x14;
				_v92 = _v92 / _t530;
				_v92 = _v92 + 0xffff92be;
				_v92 = _v92 ^ 0x000ebd35;
				_v140 = 0x9e48cc;
				_v140 = _v140 << 0xd;
				_v140 = _v140 ^ 0xc915160c;
				_v108 = 0xd84d8a;
				_v108 = _v108 >> 0x10;
				_v108 = _v108 >> 0xf;
				_v108 = _v108 ^ 0x0004338e;
				_v40 = 0xc226eb;
				_v40 = _v40 << 2;
				_v40 = _v40 + 0xfffff267;
				_v40 = _v40 << 0x10;
				_v40 = _v40 ^ 0x8e1c4dbd;
				_v32 = 0xa8fcf7;
				_v32 = _v32 * 0x2f;
				_v32 = _v32 / _t530;
				_t531 = 0x59;
				_v32 = _v32 * 0x62;
				_v32 = _v32 ^ 0x9808cd5a;
				_v56 = 0xfa54e1;
				_v56 = _v56 + 0xffff7ead;
				_v56 = _v56 << 6;
				_v56 = _v56 / _t531;
				_v56 = _v56 ^ 0x00b2c623;
				_v132 = 0x7ed953;
				_v132 = _v132 ^ 0x188046ff;
				_v132 = _v132 ^ 0x18f64c45;
				_v124 = 0x5f3094;
				_v124 = _v124 ^ 0xdd2f4899;
				_v124 = _v124 ^ 0xdd733dae;
				_v48 = 0x3fdd04;
				_v48 = _v48 + 0xdca9;
				_v48 = _v48 ^ 0x51a2bdec;
				_v48 = _v48 + 0xffffe9fd;
				_v48 = _v48 ^ 0x51eeddfc;
				_v116 = 0x86a662;
				_t532 = 0x3e;
				_t533 = _v156;
				_v116 = _v116 / _t532;
				_v116 = _v116 * 0x73;
				_v116 = _v116 ^ 0x00fd398d;
				_v64 = 0x72f53e;
				_v64 = _v64 + 0x31db;
				_v64 = _v64 >> 6;
				_v64 = _v64 + 0xffff6dcd;
				_v64 = _v64 ^ 0x0003149a;
				while(1) {
					_t508 = 0x2e;
					L2:
					while(_t460 != 0x9b6cb5) {
						if(_t460 == 0x44804ea) {
							__eflags = _v820 & _v152;
							if(__eflags == 0) {
								_t445 =  *_t534( &_v820,  &_v228);
								asm("sbb ecx, ecx");
								_t460 = ( ~_t445 & 0xfb5d1634) + 0x53e5681;
								while(1) {
									_t508 = 0x2e;
									goto L2;
								}
							}
							__eflags = _v776 - _t508;
							if(_v776 != _t508) {
								L18:
								__eflags = _a16;
								if(__eflags != 0) {
									_push(_v28);
									_push(_v68);
									_push(_v72);
									E02BD2D0A(_v84, __eflags,  &_v776, _v76, _v36, _v60, E02BB16DC,  &_v1860, _t458, E02BCE1F8(E02BB16DC, _v148, __eflags));
									E02BC437A(_v156, _v24, _v16, _v100, _v92, _a16, _a20,  &_v1860);
									_t447 = E02BCFECB(_t452, _v140, _v108, _v40, _v32);
									_t534 = _v156;
									_t538 = _t538 + 0x50;
									_t508 = 0x2e;
								}
								L17:
								_t460 = 0x9b6cb5;
								continue;
							}
							__eflags = _v774;
							if(__eflags == 0) {
								goto L17;
							}
							__eflags = _v774 - _t508;
							if(_v774 != _t508) {
								goto L18;
							}
							__eflags = _v772;
							if(__eflags != 0) {
								goto L18;
							}
							goto L17;
						}
						if(_t460 == 0x481089e) {
							_t447 = E02BC2DA7( &_v820, _v88, _v136,  &_v1340);
							_t533 = _t447;
							__eflags = _t447 - 0xffffffff;
							if(__eflags == 0) {
								return _t447;
							}
							_t460 = 0x44804ea;
							while(1) {
								_t508 = 0x2e;
								goto L2;
							}
						}
						if(_t460 == 0x53e5681) {
							return E02BBBEA1(_v116, _v64, _t533);
						}
						if(_t460 == 0xeb5715f) {
							_push(_v104);
							_push(_v96);
							_push(_v80);
							E02BC2C9C(_v12, __eflags, E02BCE1F8(0x2bb167c, _v120, __eflags),  &_v1340, 0x2bb167c, _v112, _t458);
							_t447 = E02BCFECB(_t449, _v44, _v20, _v144, _v52);
							_t534 = _v156;
							_t538 = _t538 + 0x2c;
							_t460 = 0x481089e;
							while(1) {
								_t508 = 0x2e;
								goto L2;
							}
						}
						if(_t460 != 0xf0aa094) {
							L24:
							__eflags = _t460 - 0x41075ad;
							if(__eflags != 0) {
								continue;
							}
							return _t447;
						}
						_v168 = _t458;
						_t460 = 0xeb5715f;
					}
					_t441 = E02BD0F1E(_v56, _v132,  &_v820, _v124, _v48, _t533);
					_t538 = _t538 + 0x10;
					__eflags = _t441;
					if(__eflags != 0) {
						_t460 = 0x44804ea;
						_t508 = 0x2e;
						goto L24;
					}
					_t460 = 0x53e5681;
				}
			}









































































                                                                                                          0x02bc4384
                                                                                                          0x02bc4389
                                                                                                          0x02bc438a
                                                                                                          0x02bc438d
                                                                                                          0x02bc438f
                                                                                                          0x02bc4392
                                                                                                          0x02bc4398
                                                                                                          0x02bc439b
                                                                                                          0x02bc439e
                                                                                                          0x02bc43a1
                                                                                                          0x02bc43a2
                                                                                                          0x02bc43a3
                                                                                                          0x02bc43a8
                                                                                                          0x02bc43b2
                                                                                                          0x02bc43be
                                                                                                          0x02bc43c5
                                                                                                          0x02bc43c6
                                                                                                          0x02bc43cc
                                                                                                          0x02bc43d6
                                                                                                          0x02bc43dd
                                                                                                          0x02bc43e4
                                                                                                          0x02bc43eb
                                                                                                          0x02bc43f8
                                                                                                          0x02bc43fb
                                                                                                          0x02bc4402
                                                                                                          0x02bc4409
                                                                                                          0x02bc4414
                                                                                                          0x02bc441e
                                                                                                          0x02bc4421
                                                                                                          0x02bc4428
                                                                                                          0x02bc4432
                                                                                                          0x02bc4437
                                                                                                          0x02bc443c
                                                                                                          0x02bc4440
                                                                                                          0x02bc4447
                                                                                                          0x02bc4451
                                                                                                          0x02bc4456
                                                                                                          0x02bc445b
                                                                                                          0x02bc4462
                                                                                                          0x02bc446c
                                                                                                          0x02bc4471
                                                                                                          0x02bc4476
                                                                                                          0x02bc447a
                                                                                                          0x02bc447e
                                                                                                          0x02bc4485
                                                                                                          0x02bc448c
                                                                                                          0x02bc4490
                                                                                                          0x02bc4497
                                                                                                          0x02bc449e
                                                                                                          0x02bc44a5
                                                                                                          0x02bc44af
                                                                                                          0x02bc44b2
                                                                                                          0x02bc44b5
                                                                                                          0x02bc44b9
                                                                                                          0x02bc44c0
                                                                                                          0x02bc44ce
                                                                                                          0x02bc44d3
                                                                                                          0x02bc44d8
                                                                                                          0x02bc44dc
                                                                                                          0x02bc44e3
                                                                                                          0x02bc44ea
                                                                                                          0x02bc44fb
                                                                                                          0x02bc44fe
                                                                                                          0x02bc4504
                                                                                                          0x02bc450e
                                                                                                          0x02bc4515
                                                                                                          0x02bc451c
                                                                                                          0x02bc4523
                                                                                                          0x02bc4527
                                                                                                          0x02bc452e
                                                                                                          0x02bc4535
                                                                                                          0x02bc4538
                                                                                                          0x02bc453f
                                                                                                          0x02bc4546
                                                                                                          0x02bc4550
                                                                                                          0x02bc455a
                                                                                                          0x02bc4564
                                                                                                          0x02bc456e
                                                                                                          0x02bc4578
                                                                                                          0x02bc4582
                                                                                                          0x02bc4589
                                                                                                          0x02bc458d
                                                                                                          0x02bc4594
                                                                                                          0x02bc459b
                                                                                                          0x02bc45a9
                                                                                                          0x02bc45ac
                                                                                                          0x02bc45b0
                                                                                                          0x02bc45b7
                                                                                                          0x02bc45be
                                                                                                          0x02bc45c5
                                                                                                          0x02bc45cc
                                                                                                          0x02bc45d3
                                                                                                          0x02bc45da
                                                                                                          0x02bc45e4
                                                                                                          0x02bc45e9
                                                                                                          0x02bc45f1
                                                                                                          0x02bc45f6
                                                                                                          0x02bc45fe
                                                                                                          0x02bc4601
                                                                                                          0x02bc4604
                                                                                                          0x02bc460b
                                                                                                          0x02bc4612
                                                                                                          0x02bc4619
                                                                                                          0x02bc461d
                                                                                                          0x02bc4624
                                                                                                          0x02bc462b
                                                                                                          0x02bc4633
                                                                                                          0x02bc4636
                                                                                                          0x02bc463d
                                                                                                          0x02bc4644
                                                                                                          0x02bc464b
                                                                                                          0x02bc464f
                                                                                                          0x02bc4656
                                                                                                          0x02bc465d
                                                                                                          0x02bc4664
                                                                                                          0x02bc466d
                                                                                                          0x02bc4674
                                                                                                          0x02bc4678
                                                                                                          0x02bc467f
                                                                                                          0x02bc4686
                                                                                                          0x02bc468d
                                                                                                          0x02bc4691
                                                                                                          0x02bc4698
                                                                                                          0x02bc469f
                                                                                                          0x02bc46ab
                                                                                                          0x02bc46b0
                                                                                                          0x02bc46b3
                                                                                                          0x02bc46ba
                                                                                                          0x02bc46c1
                                                                                                          0x02bc46c8
                                                                                                          0x02bc46cf
                                                                                                          0x02bc46d3
                                                                                                          0x02bc46da
                                                                                                          0x02bc46e1
                                                                                                          0x02bc46ed
                                                                                                          0x02bc46f2
                                                                                                          0x02bc46f5
                                                                                                          0x02bc46fc
                                                                                                          0x02bc4703
                                                                                                          0x02bc470d
                                                                                                          0x02bc4714
                                                                                                          0x02bc471e
                                                                                                          0x02bc4725
                                                                                                          0x02bc4729
                                                                                                          0x02bc472d
                                                                                                          0x02bc4734
                                                                                                          0x02bc473b
                                                                                                          0x02bc473f
                                                                                                          0x02bc4746
                                                                                                          0x02bc474a
                                                                                                          0x02bc4751
                                                                                                          0x02bc475e
                                                                                                          0x02bc4768
                                                                                                          0x02bc476f
                                                                                                          0x02bc4772
                                                                                                          0x02bc4775
                                                                                                          0x02bc477c
                                                                                                          0x02bc4783
                                                                                                          0x02bc478a
                                                                                                          0x02bc4795
                                                                                                          0x02bc4798
                                                                                                          0x02bc479f
                                                                                                          0x02bc47a6
                                                                                                          0x02bc47ad
                                                                                                          0x02bc47b4
                                                                                                          0x02bc47bb
                                                                                                          0x02bc47c2
                                                                                                          0x02bc47c9
                                                                                                          0x02bc47d0
                                                                                                          0x02bc47d7
                                                                                                          0x02bc47de
                                                                                                          0x02bc47e5
                                                                                                          0x02bc47ec
                                                                                                          0x02bc47f6
                                                                                                          0x02bc47f9
                                                                                                          0x02bc47ff
                                                                                                          0x02bc4806
                                                                                                          0x02bc4809
                                                                                                          0x02bc4810
                                                                                                          0x02bc4817
                                                                                                          0x02bc481e
                                                                                                          0x02bc4822
                                                                                                          0x02bc4829
                                                                                                          0x02bc4830
                                                                                                          0x02bc4832
                                                                                                          0x00000000
                                                                                                          0x02bc4833
                                                                                                          0x02bc4845
                                                                                                          0x02bc491b
                                                                                                          0x02bc4921
                                                                                                          0x02bc49f9
                                                                                                          0x02bc49ff
                                                                                                          0x02bc4a07
                                                                                                          0x02bc4830
                                                                                                          0x02bc4832
                                                                                                          0x00000000
                                                                                                          0x02bc4832
                                                                                                          0x02bc4830
                                                                                                          0x02bc4927
                                                                                                          0x02bc492e
                                                                                                          0x02bc4957
                                                                                                          0x02bc4957
                                                                                                          0x02bc495b
                                                                                                          0x02bc495d
                                                                                                          0x02bc4965
                                                                                                          0x02bc4968
                                                                                                          0x02bc499b
                                                                                                          0x02bc49bf
                                                                                                          0x02bc49d5
                                                                                                          0x02bc49da
                                                                                                          0x02bc49e0
                                                                                                          0x02bc49e5
                                                                                                          0x02bc49e5
                                                                                                          0x02bc494d
                                                                                                          0x02bc494d
                                                                                                          0x00000000
                                                                                                          0x02bc494d
                                                                                                          0x02bc4930
                                                                                                          0x02bc4938
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc493a
                                                                                                          0x02bc4941
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc4943
                                                                                                          0x02bc494b
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc494b
                                                                                                          0x02bc4851
                                                                                                          0x02bc48f9
                                                                                                          0x02bc48fe
                                                                                                          0x02bc4902
                                                                                                          0x02bc4905
                                                                                                          0x02bc4a65
                                                                                                          0x02bc4a65
                                                                                                          0x02bc490b
                                                                                                          0x02bc4830
                                                                                                          0x02bc4832
                                                                                                          0x00000000
                                                                                                          0x02bc4832
                                                                                                          0x02bc4830
                                                                                                          0x02bc485d
                                                                                                          0x00000000
                                                                                                          0x02bc4a5e
                                                                                                          0x02bc4869
                                                                                                          0x02bc4884
                                                                                                          0x02bc488c
                                                                                                          0x02bc488f
                                                                                                          0x02bc48b2
                                                                                                          0x02bc48cb
                                                                                                          0x02bc48d0
                                                                                                          0x02bc48d6
                                                                                                          0x02bc48d9
                                                                                                          0x02bc4830
                                                                                                          0x02bc4832
                                                                                                          0x00000000
                                                                                                          0x02bc4832
                                                                                                          0x02bc4830
                                                                                                          0x02bc4871
                                                                                                          0x02bc4a44
                                                                                                          0x02bc4a44
                                                                                                          0x02bc4a4a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc4a4a
                                                                                                          0x02bc4877
                                                                                                          0x02bc487d
                                                                                                          0x02bc487d
                                                                                                          0x02bc4a26
                                                                                                          0x02bc4a2b
                                                                                                          0x02bc4a2e
                                                                                                          0x02bc4a30
                                                                                                          0x02bc4a3e
                                                                                                          0x02bc4a43
                                                                                                          0x00000000
                                                                                                          0x02bc4a43
                                                                                                          0x02bc4a32
                                                                                                          0x02bc4a32

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #`$#[y,$3;+$7S
                                                                                                          • API String ID: 0-3740457175
                                                                                                          • Opcode ID: 5d091ee5c28133ecf7308bffdd982d33d73e56db53190ea5693ded909751d38b
                                                                                                          • Instruction ID: d47efe41dce7213bee791bd31940397cb31c2d32e605ae064cd0ea6fbd431111
                                                                                                          • Opcode Fuzzy Hash: 5d091ee5c28133ecf7308bffdd982d33d73e56db53190ea5693ded909751d38b
                                                                                                          • Instruction Fuzzy Hash: 56123671D00218DBDF28DFA5D989ADEBBB2FF44314F208199D11ABB260D7B05A96CF50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD00EF, Relevance: 5.3, Strings: 4, Instructions: 274COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02BD00EF(void* __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				void* _v1572;
				intOrPtr _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				unsigned int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _t303;
				void* _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				signed int _t324;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				void* _t370;
				signed int* _t373;

				_t373 =  &_v1692;
				_v1576 = 0xe8da59;
				asm("stosd");
				_t316 = __ecx;
				_t318 = 0x5a;
				asm("stosd");
				_t370 = 0x219adc7;
				asm("stosd");
				_v1592 = 0x4cba20;
				_v1592 = _v1592 / _t318;
				_v1592 = _v1592 ^ 0x000e53d2;
				_v1660 = 0x37da44;
				_v1660 = _v1660 | 0x897b84ec;
				_v1660 = _v1660 >> 7;
				_v1660 = _v1660 ^ 0x011e0d16;
				_v1628 = 0x1c89a1;
				_v1628 = _v1628 | 0x8af6c41c;
				_v1628 = _v1628 ^ 0x8af282b8;
				_v1684 = 0xdb2dca;
				_v1684 = _v1684 | 0x5a04171c;
				_t319 = 0xb;
				_v1684 = _v1684 * 0x1a;
				_v1684 = _v1684 >> 0xb;
				_v1684 = _v1684 ^ 0x000c87cc;
				_v1676 = 0x832ed6;
				_v1676 = _v1676 / _t319;
				_t320 = 5;
				_v1676 = _v1676 / _t320;
				_v1676 = _v1676 ^ 0xed35e4ac;
				_v1676 = _v1676 ^ 0xed379c5b;
				_v1616 = 0xcbfb93;
				_v1616 = _v1616 >> 7;
				_v1616 = _v1616 ^ 0x000d5997;
				_v1688 = 0xe655f9;
				_v1688 = _v1688 + 0xffff9882;
				_t321 = 0x2b;
				_v1688 = _v1688 * 0xb;
				_v1688 = _v1688 * 0x5b;
				_v1688 = _v1688 ^ 0x83159ef1;
				_v1692 = 0xaa6b82;
				_v1692 = _v1692 | 0xcfd3fae0;
				_v1692 = _v1692 / _t321;
				_v1692 = _v1692 * 0x7a;
				_v1692 = _v1692 ^ 0x4e1b8b3c;
				_v1644 = 0x70af24;
				_v1644 = _v1644 << 5;
				_v1644 = _v1644 | 0xf364d4b3;
				_v1644 = _v1644 ^ 0xff7a96be;
				_v1668 = 0x4a582b;
				_v1668 = _v1668 * 0x66;
				_v1668 = _v1668 << 0xf;
				_v1668 = _v1668 ^ 0x909bc222;
				_v1636 = 0x31215f;
				_v1636 = _v1636 ^ 0x6923b039;
				_t322 = 0x29;
				_v1636 = _v1636 / _t322;
				_v1636 = _v1636 ^ 0x029cf3aa;
				_v1652 = 0x9b2524;
				_t323 = 0x38;
				_v1652 = _v1652 / _t323;
				_v1652 = _v1652 ^ 0x48c3dfd8;
				_v1652 = _v1652 ^ 0x48c1ce16;
				_v1608 = 0x82759;
				_v1608 = _v1608 >> 9;
				_v1608 = _v1608 ^ 0x000ff1e7;
				_v1580 = 0x9cb9ac;
				_v1580 = _v1580 + 0xffffe541;
				_v1580 = _v1580 ^ 0x0099fe2e;
				_v1648 = 0xf0b12f;
				_v1648 = _v1648 >> 3;
				_v1648 = _v1648 >> 0xc;
				_v1648 = _v1648 ^ 0x000b1180;
				_v1680 = 0x5a67b4;
				_t324 = 0x1f;
				_v1680 = _v1680 / _t324;
				_t325 = 0x30;
				_v1680 = _v1680 * 0x62;
				_v1680 = _v1680 / _t325;
				_v1680 = _v1680 ^ 0x000c0a94;
				_v1656 = 0x7af90a;
				_v1656 = _v1656 >> 0x10;
				_v1656 = _v1656 ^ 0xd48e11dc;
				_v1656 = _v1656 ^ 0xd48f85db;
				_v1664 = 0xc7c49c;
				_v1664 = _v1664 ^ 0x0b3147da;
				_v1664 = _v1664 ^ 0x91b20725;
				_v1664 = _v1664 ^ 0x9a45c1a7;
				_v1584 = 0x3444f6;
				_v1584 = _v1584 << 2;
				_v1584 = _v1584 ^ 0x00d71217;
				_v1624 = 0x130de1;
				_t326 = 0x58;
				_v1624 = _v1624 / _t326;
				_v1624 = _v1624 ^ 0x000fc6c7;
				_v1588 = 0xc870d9;
				_v1588 = _v1588 >> 7;
				_v1588 = _v1588 ^ 0x00060dd4;
				_v1600 = 0xa62b50;
				_v1600 = _v1600 | 0x0b3ea590;
				_v1600 = _v1600 ^ 0x0bb32963;
				_v1640 = 0x5829fa;
				_v1640 = _v1640 >> 0x10;
				_v1640 = _v1640 * 7;
				_v1640 = _v1640 ^ 0x000c8c8e;
				_v1620 = 0x9954e5;
				_v1620 = _v1620 | 0x46050794;
				_v1620 = _v1620 ^ 0x46999c00;
				_v1672 = 0x8b6b4f;
				_v1672 = _v1672 ^ 0x051743d3;
				_v1672 = _v1672 + 0x5fbf;
				_v1672 = _v1672 * 0x44;
				_v1672 = _v1672 ^ 0x7d983568;
				_v1596 = 0x4b105f;
				_v1596 = _v1596 ^ 0x074c3e20;
				_v1596 = _v1596 ^ 0x0709a291;
				_v1632 = 0x867cf1;
				_v1632 = _v1632 + 0x5758;
				_v1632 = _v1632 << 0xb;
				_v1632 = _v1632 ^ 0x36a3bfa7;
				_v1604 = 0x1e01e;
				_t327 = 0x6d;
				_v1604 = _v1604 / _t327;
				_v1604 = _v1604 ^ 0x000451f9;
				_v1612 = 0x51328f;
				_t328 = 0x66;
				_t303 = _v1612 / _t328;
				_v1612 = _t303;
				_v1612 = _v1612 ^ 0x000ccfe8;
				while(_t370 != 0x219adc7) {
					if(_t370 == 0x472b880) {
						_push(_t328);
						__eflags = 0;
						return E02BC85FF(_v1596, _v1632, 0, 0, 0,  &_v1560, _v1604, 0, _v1612);
					}
					_t379 = _t370 - 0x6430241;
					if(_t370 != 0x6430241) {
						L7:
						__eflags = _t370 - 0xc99ad3;
						if(__eflags != 0) {
							continue;
						} else {
							return _t303;
						}
						L10:
						return _t303;
					}
					E02BD0DB1(_v1592,  &_v1040, _t379, _v1660, _t328, _v1628);
					 *((short*)(E02BC09DD(_v1684,  &_v1040, _v1676, _v1616))) = 0;
					E02BBBAA9(_v1688, _v1692, _t379, _v1644, _v1668,  &_v520);
					_push(_v1580);
					_push(_v1608);
					_push(_v1652);
					E02BD2D0A(_v1680, _t379,  &_v520, _v1656, _v1664, _v1584, 0x2bb18bc,  &_v1560,  &_v1040, E02BCE1F8(0x2bb18bc, _v1636, _t379));
					E02BCFECB(_t310, _v1624, _v1588, _v1600, _v1640);
					_t328 = _v1620;
					_t303 = E02BBBFBE( &_v1560, _t316, _v1672);
					_t373 =  &(_t373[0x18]);
					if(_t303 != 0) {
						_t370 = 0x472b880;
						continue;
					}
					goto L10;
				}
				_t370 = 0x6430241;
				goto L7;
			}




















































                                                                                                          0x02bd00ef
                                                                                                          0x02bd00f5
                                                                                                          0x02bd010c
                                                                                                          0x02bd010d
                                                                                                          0x02bd0111
                                                                                                          0x02bd0114
                                                                                                          0x02bd0115
                                                                                                          0x02bd011a
                                                                                                          0x02bd011b
                                                                                                          0x02bd012b
                                                                                                          0x02bd012f
                                                                                                          0x02bd0137
                                                                                                          0x02bd013f
                                                                                                          0x02bd0147
                                                                                                          0x02bd014c
                                                                                                          0x02bd0154
                                                                                                          0x02bd015c
                                                                                                          0x02bd0164
                                                                                                          0x02bd016c
                                                                                                          0x02bd0174
                                                                                                          0x02bd0181
                                                                                                          0x02bd0184
                                                                                                          0x02bd0188
                                                                                                          0x02bd018d
                                                                                                          0x02bd0195
                                                                                                          0x02bd01a5
                                                                                                          0x02bd01ad
                                                                                                          0x02bd01b2
                                                                                                          0x02bd01b8
                                                                                                          0x02bd01c0
                                                                                                          0x02bd01c8
                                                                                                          0x02bd01d0
                                                                                                          0x02bd01d5
                                                                                                          0x02bd01dd
                                                                                                          0x02bd01e5
                                                                                                          0x02bd01f2
                                                                                                          0x02bd01f3
                                                                                                          0x02bd01fc
                                                                                                          0x02bd0200
                                                                                                          0x02bd0208
                                                                                                          0x02bd0210
                                                                                                          0x02bd021e
                                                                                                          0x02bd0227
                                                                                                          0x02bd022b
                                                                                                          0x02bd0233
                                                                                                          0x02bd023b
                                                                                                          0x02bd0240
                                                                                                          0x02bd0248
                                                                                                          0x02bd0250
                                                                                                          0x02bd025d
                                                                                                          0x02bd0261
                                                                                                          0x02bd0266
                                                                                                          0x02bd026e
                                                                                                          0x02bd0276
                                                                                                          0x02bd0286
                                                                                                          0x02bd028b
                                                                                                          0x02bd0291
                                                                                                          0x02bd0299
                                                                                                          0x02bd02a5
                                                                                                          0x02bd02aa
                                                                                                          0x02bd02b0
                                                                                                          0x02bd02b8
                                                                                                          0x02bd02c0
                                                                                                          0x02bd02c8
                                                                                                          0x02bd02cd
                                                                                                          0x02bd02d5
                                                                                                          0x02bd02e0
                                                                                                          0x02bd02eb
                                                                                                          0x02bd02f6
                                                                                                          0x02bd02fe
                                                                                                          0x02bd0303
                                                                                                          0x02bd0308
                                                                                                          0x02bd0310
                                                                                                          0x02bd031c
                                                                                                          0x02bd0321
                                                                                                          0x02bd032c
                                                                                                          0x02bd032f
                                                                                                          0x02bd033b
                                                                                                          0x02bd033f
                                                                                                          0x02bd0347
                                                                                                          0x02bd034f
                                                                                                          0x02bd0354
                                                                                                          0x02bd035c
                                                                                                          0x02bd0364
                                                                                                          0x02bd036c
                                                                                                          0x02bd0374
                                                                                                          0x02bd037c
                                                                                                          0x02bd0384
                                                                                                          0x02bd038f
                                                                                                          0x02bd0397
                                                                                                          0x02bd03a2
                                                                                                          0x02bd03ae
                                                                                                          0x02bd03b1
                                                                                                          0x02bd03b5
                                                                                                          0x02bd03bd
                                                                                                          0x02bd03c5
                                                                                                          0x02bd03ca
                                                                                                          0x02bd03d2
                                                                                                          0x02bd03da
                                                                                                          0x02bd03e2
                                                                                                          0x02bd03ea
                                                                                                          0x02bd03f2
                                                                                                          0x02bd03fc
                                                                                                          0x02bd0400
                                                                                                          0x02bd0408
                                                                                                          0x02bd0410
                                                                                                          0x02bd0418
                                                                                                          0x02bd0420
                                                                                                          0x02bd0428
                                                                                                          0x02bd0430
                                                                                                          0x02bd043d
                                                                                                          0x02bd0441
                                                                                                          0x02bd0449
                                                                                                          0x02bd0451
                                                                                                          0x02bd045b
                                                                                                          0x02bd0468
                                                                                                          0x02bd0475
                                                                                                          0x02bd047d
                                                                                                          0x02bd0482
                                                                                                          0x02bd048a
                                                                                                          0x02bd0498
                                                                                                          0x02bd049d
                                                                                                          0x02bd04a3
                                                                                                          0x02bd04ab
                                                                                                          0x02bd04b7
                                                                                                          0x02bd04b8
                                                                                                          0x02bd04ba
                                                                                                          0x02bd04be
                                                                                                          0x02bd04c6
                                                                                                          0x02bd04d4
                                                                                                          0x02bd05e9
                                                                                                          0x02bd05ee
                                                                                                          0x00000000
                                                                                                          0x02bd060f
                                                                                                          0x02bd04da
                                                                                                          0x02bd04dc
                                                                                                          0x02bd05db
                                                                                                          0x02bd05db
                                                                                                          0x02bd05e1
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bd061c
                                                                                                          0x02bd061c
                                                                                                          0x02bd061c
                                                                                                          0x02bd04f9
                                                                                                          0x02bd0518
                                                                                                          0x02bd0533
                                                                                                          0x02bd0538
                                                                                                          0x02bd0544
                                                                                                          0x02bd054b
                                                                                                          0x02bd058e
                                                                                                          0x02bd05ae
                                                                                                          0x02bd05b7
                                                                                                          0x02bd05c6
                                                                                                          0x02bd05cb
                                                                                                          0x02bd05d0
                                                                                                          0x02bd05d2
                                                                                                          0x00000000
                                                                                                          0x02bd05d2
                                                                                                          0x00000000
                                                                                                          0x02bd05d0
                                                                                                          0x02bd05d9
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$+XJ$XW$_!1
                                                                                                          • API String ID: 0-3524045022
                                                                                                          • Opcode ID: a6329d469485dc9ec997b8d7a974625d6287063b26d7d93605a5828af1e1ed14
                                                                                                          • Instruction ID: 738e7bd04bd165dc9afbdda1b8d7e578540cd71fa943d78ee5d3f5cc6d4d5587
                                                                                                          • Opcode Fuzzy Hash: a6329d469485dc9ec997b8d7a974625d6287063b26d7d93605a5828af1e1ed14
                                                                                                          • Instruction Fuzzy Hash: CDD101715093809FD368CF25C98AA5BBBF2FBC4748F108E1DF5999A260D7B19908CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB80C0, Relevance: 5.3, Strings: 4, Instructions: 261COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 74%
                                                                                                          			E02BB80C0(intOrPtr* __ecx) {
				char _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				unsigned int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				unsigned int _v168;
				intOrPtr* _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				unsigned int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				unsigned int _v216;
				signed int _v220;
				signed int _v224;
				void* _t254;
				void* _t262;
				intOrPtr _t274;
				intOrPtr _t275;
				intOrPtr* _t276;
				void* _t301;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				intOrPtr _t314;
				void* _t315;
				intOrPtr _t318;
				signed int* _t319;

				_t276 = __ecx;
				_t319 =  &_v224;
				_v180 = 0xc71c90;
				_v180 = _v180 * 0x55;
				_t315 = 0xb85ea37;
				_v180 = _v180 + 0xffff2ba7;
				_v180 = _v180 ^ 0x4211e203;
				_v140 = 0x3ad325;
				_v140 = _v140 ^ 0x295262d9;
				_v140 = _v140 ^ 0x29635001;
				_v136 = 0xed3dcc;
				_t307 = 0x6e;
				_v172 = __ecx;
				_v136 = _v136 * 0x41;
				_v136 = _v136 ^ 0x3c3e3c90;
				_v168 = 0x802272;
				_v168 = _v168 + 0x3a4b;
				_v168 = _v168 >> 4;
				_v168 = _v168 ^ 0x0009cc0d;
				_v144 = 0x950525;
				_v144 = _v144 >> 0xb;
				_v144 = _v144 ^ 0x0000417f;
				_v132 = 0xde9c46;
				_v132 = _v132 | 0x6a28fd38;
				_v132 = _v132 ^ 0x6afd2d29;
				_v152 = 0x89fdc2;
				_v152 = _v152 + 0xffff27d1;
				_v152 = _v152 / _t307;
				_v152 = _v152 ^ 0x00002723;
				_v208 = 0xb8ba68;
				_t308 = 0x59;
				_v208 = _v208 / _t308;
				_v208 = _v208 | 0x82dd863f;
				_t309 = 0x24;
				_v208 = _v208 / _t309;
				_v208 = _v208 ^ 0x03ab2b52;
				_v200 = 0x881ce0;
				_t310 = 0x22;
				_v200 = _v200 / _t310;
				_v200 = _v200 >> 6;
				_v200 = _v200 + 0x7e14;
				_v200 = _v200 ^ 0x000ee7c7;
				_v216 = 0xe9a9fc;
				_v216 = _v216 >> 0xa;
				_v216 = _v216 * 0x7c;
				_v216 = _v216 >> 3;
				_v216 = _v216 ^ 0x000159fc;
				_v148 = 0xc6b5e0;
				_v148 = _v148 >> 8;
				_v148 = _v148 ^ 0x0008baff;
				_v192 = 0x70df9a;
				_v192 = _v192 | 0xc7ad4485;
				_v192 = _v192 << 0xe;
				_v192 = _v192 * 0x6c;
				_v192 = _v192 ^ 0x95ca127f;
				_v164 = 0x9f9928;
				_v164 = _v164 + 0x9182;
				_v164 = _v164 | 0x4431d27d;
				_v164 = _v164 ^ 0x44b31704;
				_v156 = 0x8a7155;
				_v156 = _v156 ^ 0x4b85dc4d;
				_v156 = _v156 << 3;
				_v156 = _v156 ^ 0x587c4d22;
				_v184 = 0xc4c18b;
				_v184 = _v184 ^ 0x011789e6;
				_v184 = _v184 | 0x4a7cbaeb;
				_v184 = _v184 ^ 0x4bf1fe8b;
				_v160 = 0x793715;
				_v160 = _v160 | 0xbf52a4ae;
				_v160 = _v160 ^ 0x0f7ea677;
				_v160 = _v160 ^ 0xb008de62;
				_v212 = 0x3fdf0f;
				_v212 = _v212 + 0xffffd1fd;
				_t311 = 7;
				_t318 = _v172;
				_v212 = _v212 * 0x1c;
				_v212 = _v212 >> 5;
				_v212 = _v212 ^ 0x0033b954;
				_v220 = 0x4e6c7b;
				_v220 = _v220 >> 4;
				_t275 = _v172;
				_v220 = _v220 / _t311;
				_v220 = _v220 + 0x72d0;
				_v220 = _v220 ^ 0x000bd6ae;
				_v176 = 0xb64387;
				_v176 = _v176 + 0xffff3763;
				_v176 = _v176 >> 0x10;
				_v176 = _v176 ^ 0x000cc814;
				_v224 = 0xc05028;
				_v224 = _v224 + 0xffff6137;
				_v224 = _v224 >> 1;
				_v224 = _v224 ^ 0x7bfc229c;
				_v224 = _v224 ^ 0x7ba9fc4e;
				_v188 = 0xb7ebf2;
				_v188 = _v188 >> 9;
				_v188 = _v188 ^ 0x513bd66b;
				_t312 = 0x35;
				_v188 = _v188 * 0x6b;
				_v188 = _v188 ^ 0xf3ed84ff;
				_v196 = 0x918e67;
				_v196 = _v196 >> 0xb;
				_v196 = _v196 / _t312;
				_t313 = 0x12;
				_t314 = _v172;
				_v196 = _v196 / _t313;
				_v196 = _v196 ^ 0x000cd5f1;
				_v204 = 0xbd465b;
				_v204 = _v204 ^ 0x40a0ad4b;
				_v204 = _v204 * 0x5a;
				_v204 = _v204 >> 6;
				_v204 = _v204 ^ 0x022df88e;
				while(1) {
					L1:
					_t254 = 0x58c5d57;
					do {
						while(_t315 != 0x26b32e) {
							if(_t315 == _t254) {
								_push(_v160);
								_push(_v184);
								_push(_v156);
								_t262 = E02BCE1F8(0x2bb1738, _v164, __eflags);
								_push(_t314);
								_push( &_v128);
								_push(_t262);
								_push(_t318);
								_push(_t275);
								 *((intOrPtr*)(E02BD31AA(0xb00b1257, 0x44)))();
								E02BCFECB(_t262, _v212, _v220, _v176, _v224);
								_t319 =  &(_t319[0xb]);
								_t315 = 0x5b11858;
								goto L12;
							} else {
								if(_t315 == 0x5b11858) {
									E02BD2B09(_v188, _t314, _v196, _v204);
								} else {
									if(_t315 == 0xa9c05ca) {
										_t314 = E02BD0A64( *((intOrPtr*)(_t276 + 4)),  *_t276, _v152, _v208);
										__eflags = _t314;
										if(__eflags != 0) {
											_t315 = 0xed0de4e;
											L12:
											_t276 = _v172;
											goto L1;
										}
									} else {
										if(_t315 == 0xb85ea37) {
											_t315 = 0x26b32e;
											continue;
										} else {
											if(_t315 != 0xed0de4e) {
												goto L15;
											} else {
												_t318 = 0x4000;
												_push(_t276);
												_push(_t276);
												_t274 = E02BBC5D8(0x4000);
												_t276 = _v172;
												_t275 = _t274;
												_t319 =  &(_t319[3]);
												_t254 = 0x58c5d57;
												_t315 =  !=  ? 0x58c5d57 : 0x5b11858;
												continue;
											}
										}
									}
								}
							}
							L18:
							return _t275;
						}
						_push(_t276);
						_push(_t276);
						_t318 = E02BCCCA0(1, 0x10);
						_push( &_v128);
						_push(_t318);
						_push(_v132);
						_t301 = 0xb;
						E02BBE404(_v144, _t301);
						_t276 = _v172;
						_t319 =  &(_t319[7]);
						_t315 = 0xa9c05ca;
						_t254 = 0x58c5d57;
						L15:
						__eflags = _t315 - 0x7f64d40;
					} while (__eflags != 0);
					goto L18;
				}
			}













































                                                                                                          0x02bb80c0
                                                                                                          0x02bb80c0
                                                                                                          0x02bb80c6
                                                                                                          0x02bb80d9
                                                                                                          0x02bb80dd
                                                                                                          0x02bb80e2
                                                                                                          0x02bb80ea
                                                                                                          0x02bb80f2
                                                                                                          0x02bb80fa
                                                                                                          0x02bb8102
                                                                                                          0x02bb810a
                                                                                                          0x02bb8119
                                                                                                          0x02bb811c
                                                                                                          0x02bb8120
                                                                                                          0x02bb8124
                                                                                                          0x02bb812c
                                                                                                          0x02bb8134
                                                                                                          0x02bb813c
                                                                                                          0x02bb8141
                                                                                                          0x02bb8149
                                                                                                          0x02bb8151
                                                                                                          0x02bb8156
                                                                                                          0x02bb815e
                                                                                                          0x02bb8166
                                                                                                          0x02bb816e
                                                                                                          0x02bb8176
                                                                                                          0x02bb817e
                                                                                                          0x02bb818e
                                                                                                          0x02bb8192
                                                                                                          0x02bb819a
                                                                                                          0x02bb81a6
                                                                                                          0x02bb81ab
                                                                                                          0x02bb81b1
                                                                                                          0x02bb81bd
                                                                                                          0x02bb81c2
                                                                                                          0x02bb81c8
                                                                                                          0x02bb81d0
                                                                                                          0x02bb81dc
                                                                                                          0x02bb81df
                                                                                                          0x02bb81e3
                                                                                                          0x02bb81e8
                                                                                                          0x02bb81f0
                                                                                                          0x02bb81f8
                                                                                                          0x02bb8200
                                                                                                          0x02bb820a
                                                                                                          0x02bb820e
                                                                                                          0x02bb8213
                                                                                                          0x02bb821b
                                                                                                          0x02bb8223
                                                                                                          0x02bb8228
                                                                                                          0x02bb8230
                                                                                                          0x02bb8238
                                                                                                          0x02bb8240
                                                                                                          0x02bb824a
                                                                                                          0x02bb824e
                                                                                                          0x02bb8256
                                                                                                          0x02bb825e
                                                                                                          0x02bb8266
                                                                                                          0x02bb826e
                                                                                                          0x02bb8276
                                                                                                          0x02bb8280
                                                                                                          0x02bb8288
                                                                                                          0x02bb828d
                                                                                                          0x02bb8295
                                                                                                          0x02bb829d
                                                                                                          0x02bb82a5
                                                                                                          0x02bb82ad
                                                                                                          0x02bb82b5
                                                                                                          0x02bb82bd
                                                                                                          0x02bb82c5
                                                                                                          0x02bb82cd
                                                                                                          0x02bb82d5
                                                                                                          0x02bb82dd
                                                                                                          0x02bb82ec
                                                                                                          0x02bb82ef
                                                                                                          0x02bb82f3
                                                                                                          0x02bb82f7
                                                                                                          0x02bb82fc
                                                                                                          0x02bb8304
                                                                                                          0x02bb830c
                                                                                                          0x02bb8319
                                                                                                          0x02bb831d
                                                                                                          0x02bb8321
                                                                                                          0x02bb8329
                                                                                                          0x02bb8331
                                                                                                          0x02bb8339
                                                                                                          0x02bb8341
                                                                                                          0x02bb8346
                                                                                                          0x02bb834e
                                                                                                          0x02bb8356
                                                                                                          0x02bb835e
                                                                                                          0x02bb8362
                                                                                                          0x02bb836a
                                                                                                          0x02bb8372
                                                                                                          0x02bb837a
                                                                                                          0x02bb837f
                                                                                                          0x02bb838c
                                                                                                          0x02bb838f
                                                                                                          0x02bb8393
                                                                                                          0x02bb839b
                                                                                                          0x02bb83a3
                                                                                                          0x02bb83b0
                                                                                                          0x02bb83b8
                                                                                                          0x02bb83bb
                                                                                                          0x02bb83bf
                                                                                                          0x02bb83c3
                                                                                                          0x02bb83cb
                                                                                                          0x02bb83d3
                                                                                                          0x02bb83e0
                                                                                                          0x02bb83e4
                                                                                                          0x02bb83e9
                                                                                                          0x02bb83f1
                                                                                                          0x02bb83f1
                                                                                                          0x02bb83f1
                                                                                                          0x02bb83f6
                                                                                                          0x02bb83f6
                                                                                                          0x02bb8404
                                                                                                          0x02bb849c
                                                                                                          0x02bb84a5
                                                                                                          0x02bb84a9
                                                                                                          0x02bb84b1
                                                                                                          0x02bb84c4
                                                                                                          0x02bb84c5
                                                                                                          0x02bb84c6
                                                                                                          0x02bb84c7
                                                                                                          0x02bb84c8
                                                                                                          0x02bb84d1
                                                                                                          0x02bb84e5
                                                                                                          0x02bb84ea
                                                                                                          0x02bb84ed
                                                                                                          0x00000000
                                                                                                          0x02bb840a
                                                                                                          0x02bb8410
                                                                                                          0x02bb855a
                                                                                                          0x02bb8416
                                                                                                          0x02bb841c
                                                                                                          0x02bb8482
                                                                                                          0x02bb8486
                                                                                                          0x02bb8488
                                                                                                          0x02bb848e
                                                                                                          0x02bb8493
                                                                                                          0x02bb8493
                                                                                                          0x00000000
                                                                                                          0x02bb8493
                                                                                                          0x02bb841e
                                                                                                          0x02bb8424
                                                                                                          0x02bb8469
                                                                                                          0x00000000
                                                                                                          0x02bb8426
                                                                                                          0x02bb842c
                                                                                                          0x00000000
                                                                                                          0x02bb8432
                                                                                                          0x02bb8436
                                                                                                          0x02bb8447
                                                                                                          0x02bb8448
                                                                                                          0x02bb844a
                                                                                                          0x02bb844f
                                                                                                          0x02bb8453
                                                                                                          0x02bb8455
                                                                                                          0x02bb845f
                                                                                                          0x02bb8464
                                                                                                          0x00000000
                                                                                                          0x02bb8464
                                                                                                          0x02bb842c
                                                                                                          0x02bb8424
                                                                                                          0x02bb841c
                                                                                                          0x02bb8410
                                                                                                          0x02bb8564
                                                                                                          0x02bb856d
                                                                                                          0x02bb856d
                                                                                                          0x02bb8504
                                                                                                          0x02bb8505
                                                                                                          0x02bb850f
                                                                                                          0x02bb8518
                                                                                                          0x02bb8519
                                                                                                          0x02bb851a
                                                                                                          0x02bb8527
                                                                                                          0x02bb8528
                                                                                                          0x02bb852d
                                                                                                          0x02bb8531
                                                                                                          0x02bb8534
                                                                                                          0x02bb8539
                                                                                                          0x02bb853e
                                                                                                          0x02bb853e
                                                                                                          0x02bb853e
                                                                                                          0x00000000
                                                                                                          0x02bb854a

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: "M|X$#'$K:${lN
                                                                                                          • API String ID: 0-1886388755
                                                                                                          • Opcode ID: f089ad4bbef1e2c4783811ec6c89bbed43698a93ed129ae21c39ad98331d7e61
                                                                                                          • Instruction ID: fea4f0fb282e9f79da726bab0e5ae2b51c11b339593423847329132cc0079e98
                                                                                                          • Opcode Fuzzy Hash: f089ad4bbef1e2c4783811ec6c89bbed43698a93ed129ae21c39ad98331d7e61
                                                                                                          • Instruction Fuzzy Hash: EFC150725083809FC358CF2AC48A91BFBE1FBD4758F10896DFA9596260D3B4D949CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB4BFC, Relevance: 5.2, Strings: 4, Instructions: 245COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02BB4BFC(intOrPtr __ecx, intOrPtr* __edx) {
				intOrPtr _v4;
				intOrPtr* _v8;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				unsigned int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				unsigned int _v108;
				unsigned int _v112;
				intOrPtr* _t246;
				signed int _t258;
				intOrPtr _t259;
				intOrPtr _t260;
				signed int _t262;
				intOrPtr _t266;
				intOrPtr _t267;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				signed int _t296;
				intOrPtr _t297;
				void* _t299;
				signed int _t300;
				intOrPtr _t301;
				intOrPtr _t302;
				unsigned int* _t303;
				unsigned int* _t304;

				_t260 = __ecx;
				_t303 =  &_v112;
				_v8 = __edx;
				_v24 = __ecx;
				_v28 = 0xe57752;
				_v28 = _v28 >> 0xe;
				_v28 = _v28 ^ 0x00000395;
				_v84 = 0xa7b43c;
				_v84 = _v84 << 0xc;
				_t299 = 0x791519f;
				_v20 = _v20 & 0x00000000;
				_t291 = 0x69;
				_v84 = _v84 / _t291;
				_v84 = _v84 ^ 0x0126ef50;
				_v64 = 0x5471f4;
				_v64 = _v64 << 0xf;
				_v64 = _v64 ^ 0x38ff966c;
				_v108 = 0xe1a857;
				_v108 = _v108 >> 7;
				_v108 = _v108 << 0xf;
				_v108 = _v108 >> 0xf;
				_v108 = _v108 ^ 0x000c4d53;
				_v112 = 0xe3e3b6;
				_t292 = 0x1c;
				_t258 = 0x3d;
				_v112 = _v112 * 0x7f;
				_v112 = _v112 ^ 0x4177f445;
				_v112 = _v112 >> 8;
				_v112 = _v112 ^ 0x003f3c7e;
				_v60 = 0xdb6601;
				_v60 = _v60 | 0x1a9202c7;
				_v60 = _v60 ^ 0x1ad2035c;
				_v104 = 0x132994;
				_v104 = _v104 / _t292;
				_v104 = _v104 + 0x3dcb;
				_v104 = _v104 | 0x8aefcc47;
				_v104 = _v104 ^ 0x8ae713b1;
				_v80 = 0x4c94ef;
				_v80 = _v80 / _t258;
				_v80 = _v80 + 0xffffb573;
				_v80 = _v80 ^ 0x000791ec;
				_v48 = 0x6ce617;
				_v48 = _v48 ^ 0x91a29be4;
				_v48 = _v48 ^ 0x91c139dc;
				_v52 = 0x59f0b3;
				_v52 = _v52 ^ 0x18747c17;
				_v52 = _v52 ^ 0x182d8be2;
				_v56 = 0x3df981;
				_v56 = _v56 << 8;
				_v56 = _v56 ^ 0x3dfc4daf;
				_v76 = 0x62b80;
				_t293 = 0x5d;
				_v76 = _v76 / _t293;
				_v76 = _v76 + 0xffffe926;
				_v76 = _v76 ^ 0xfff7137f;
				_v72 = 0x7226d;
				_v72 = _v72 >> 1;
				_v72 = _v72 + 0x788a;
				_v72 = _v72 ^ 0x000e590c;
				_v96 = 0x39de81;
				_v96 = _v96 + 0x1ccc;
				_v96 = _v96 ^ 0xfb454dc1;
				_v96 = _v96 ^ 0xf28cd76a;
				_v96 = _v96 ^ 0x09fed289;
				_v100 = 0xca2105;
				_v100 = _v100 | 0x676862be;
				_v100 = _v100 + 0xffff68c4;
				_v100 = _v100 << 6;
				_v100 = _v100 ^ 0xfa784873;
				_v40 = 0xc4a147;
				_v40 = _v40 ^ 0x45259758;
				_v40 = _v40 ^ 0x45e701de;
				_v44 = 0x2d23a0;
				_t294 = 0x11;
				_t302 = _v8;
				_v44 = _v44 * 0x52;
				_v44 = _v44 ^ 0x0e7a51ec;
				_v92 = 0x79a225;
				_v92 = _v92 / _t294;
				_v92 = _v92 >> 9;
				_v92 = _v92 | 0x8583c695;
				_v92 = _v92 ^ 0x858adeed;
				_v88 = 0xed07fb;
				_v88 = _v88 + 0x2638;
				_t295 = 0x61;
				_v88 = _v88 / _t295;
				_t296 = 0xa;
				_t297 = _v4;
				_v88 = _v88 / _t296;
				_v88 = _v88 ^ 0x000a4d02;
				_v32 = 0x581804;
				_v32 = _v32 << 2;
				_v32 = _v32 ^ 0x01684d46;
				_v68 = 0xe8e83;
				_v68 = _v68 | 0xc7c33aae;
				_t259 = _v8;
				_v68 = _v68 / _t258;
				_v68 = _v68 ^ 0x0347a863;
				_t240 = _v36;
				L1:
				while(1) {
					do {
						while(_t299 != 0x16cba6e) {
							if(_t299 == 0x286464d) {
								_t297 = 0x10000;
								_push(_t260);
								_push(_t260);
								_t240 = E02BBC5D8(0x10000);
								_t259 = _t240;
								_t303 =  &(_t303[3]);
								if(_t259 != 0) {
									_v36 = _t240;
									_t302 = 0x10000;
									L7:
									_t260 = _v24;
									_t299 = 0x16cba6e;
									continue;
								}
							} else {
								if(_t299 != 0x791519f) {
									goto L15;
								} else {
									_t299 = 0x286464d;
									continue;
								}
							}
							goto L16;
						}
						_t262 = E02BC9C65(_v60,  &_v16, _t240, _t260, _t302, _v104, _v80);
						_t303 =  &(_t303[5]);
						_v20 = _t262;
						if(_t262 == 0) {
							L14:
							_t260 = _v24;
							_t299 = 0xcecd29d;
							goto L15;
						} else {
							_t266 = _v16;
							if(_t266 == 0) {
								goto L14;
							} else {
								_t240 = _v36 + _t266;
								_v36 = _v36 + _t266;
								_t302 = _t302 - _t266;
								if(_t302 != 0) {
									goto L7;
								} else {
									_t267 = _t297 + _t297;
									_push(_t267);
									_push(_t267);
									_v12 = _t267;
									_t301 = E02BBC5D8(_t267);
									_t304 =  &(_t303[3]);
									if(_t301 != 0) {
										E02BCC9B0(_v72, _t301, _v96, _t297, _t259, _v100);
										E02BD2B09(_v40, _t259, _v44, _v92);
										_t302 = _t297;
										_t240 = _t301 + _t297;
										_t297 = _v12;
										_t303 =  &(_t304[6]);
										_v36 = _t240;
										_t259 = _t301;
										if(_t302 != 0) {
											goto L7;
										}
									}
								}
							}
						}
						break;
						L15:
						_t240 = _v36;
					} while (_t299 != 0xcecd29d);
					L16:
					_t300 = _v20;
					if(_t300 != 0) {
						_t246 = _v8;
						 *_t246 = _t259;
						 *((intOrPtr*)(_t246 + 4)) = _t297 - _t302;
					} else {
						E02BD2B09(_v88, _t259, _v32, _v68);
					}
					return _t300;
				}
			}



















































                                                                                                          0x02bb4bfc
                                                                                                          0x02bb4bfc
                                                                                                          0x02bb4c03
                                                                                                          0x02bb4c07
                                                                                                          0x02bb4c0b
                                                                                                          0x02bb4c13
                                                                                                          0x02bb4c18
                                                                                                          0x02bb4c20
                                                                                                          0x02bb4c28
                                                                                                          0x02bb4c31
                                                                                                          0x02bb4c3a
                                                                                                          0x02bb4c3f
                                                                                                          0x02bb4c44
                                                                                                          0x02bb4c4a
                                                                                                          0x02bb4c52
                                                                                                          0x02bb4c5a
                                                                                                          0x02bb4c5f
                                                                                                          0x02bb4c67
                                                                                                          0x02bb4c6f
                                                                                                          0x02bb4c74
                                                                                                          0x02bb4c79
                                                                                                          0x02bb4c7e
                                                                                                          0x02bb4c86
                                                                                                          0x02bb4c93
                                                                                                          0x02bb4c96
                                                                                                          0x02bb4c99
                                                                                                          0x02bb4c9d
                                                                                                          0x02bb4ca5
                                                                                                          0x02bb4caa
                                                                                                          0x02bb4cb2
                                                                                                          0x02bb4cba
                                                                                                          0x02bb4cc2
                                                                                                          0x02bb4cca
                                                                                                          0x02bb4cda
                                                                                                          0x02bb4cde
                                                                                                          0x02bb4ce6
                                                                                                          0x02bb4cee
                                                                                                          0x02bb4cf6
                                                                                                          0x02bb4d06
                                                                                                          0x02bb4d0a
                                                                                                          0x02bb4d12
                                                                                                          0x02bb4d1a
                                                                                                          0x02bb4d22
                                                                                                          0x02bb4d2a
                                                                                                          0x02bb4d32
                                                                                                          0x02bb4d3a
                                                                                                          0x02bb4d42
                                                                                                          0x02bb4d4a
                                                                                                          0x02bb4d52
                                                                                                          0x02bb4d57
                                                                                                          0x02bb4d5f
                                                                                                          0x02bb4d6b
                                                                                                          0x02bb4d6e
                                                                                                          0x02bb4d72
                                                                                                          0x02bb4d7a
                                                                                                          0x02bb4d82
                                                                                                          0x02bb4d8a
                                                                                                          0x02bb4d8e
                                                                                                          0x02bb4d96
                                                                                                          0x02bb4d9e
                                                                                                          0x02bb4da6
                                                                                                          0x02bb4dae
                                                                                                          0x02bb4db6
                                                                                                          0x02bb4dc0
                                                                                                          0x02bb4dc8
                                                                                                          0x02bb4dd0
                                                                                                          0x02bb4dd8
                                                                                                          0x02bb4de0
                                                                                                          0x02bb4de5
                                                                                                          0x02bb4ded
                                                                                                          0x02bb4df5
                                                                                                          0x02bb4dfd
                                                                                                          0x02bb4e05
                                                                                                          0x02bb4e14
                                                                                                          0x02bb4e17
                                                                                                          0x02bb4e1b
                                                                                                          0x02bb4e1f
                                                                                                          0x02bb4e27
                                                                                                          0x02bb4e37
                                                                                                          0x02bb4e3b
                                                                                                          0x02bb4e40
                                                                                                          0x02bb4e48
                                                                                                          0x02bb4e50
                                                                                                          0x02bb4e58
                                                                                                          0x02bb4e64
                                                                                                          0x02bb4e69
                                                                                                          0x02bb4e73
                                                                                                          0x02bb4e78
                                                                                                          0x02bb4e7c
                                                                                                          0x02bb4e80
                                                                                                          0x02bb4e88
                                                                                                          0x02bb4e90
                                                                                                          0x02bb4e95
                                                                                                          0x02bb4e9d
                                                                                                          0x02bb4ea5
                                                                                                          0x02bb4eb3
                                                                                                          0x02bb4eb7
                                                                                                          0x02bb4ebb
                                                                                                          0x02bb4ec3
                                                                                                          0x00000000
                                                                                                          0x02bb4ec7
                                                                                                          0x02bb4ec7
                                                                                                          0x02bb4ec7
                                                                                                          0x02bb4ed5
                                                                                                          0x02bb4eee
                                                                                                          0x02bb4eff
                                                                                                          0x02bb4f00
                                                                                                          0x02bb4f02
                                                                                                          0x02bb4f07
                                                                                                          0x02bb4f09
                                                                                                          0x02bb4f0e
                                                                                                          0x02bb4f14
                                                                                                          0x02bb4f18
                                                                                                          0x02bb4f1a
                                                                                                          0x02bb4f1a
                                                                                                          0x02bb4f1e
                                                                                                          0x00000000
                                                                                                          0x02bb4f1e
                                                                                                          0x02bb4ed7
                                                                                                          0x02bb4edd
                                                                                                          0x00000000
                                                                                                          0x02bb4ee3
                                                                                                          0x02bb4ee3
                                                                                                          0x00000000
                                                                                                          0x02bb4ee3
                                                                                                          0x02bb4edd
                                                                                                          0x00000000
                                                                                                          0x02bb4ed5
                                                                                                          0x02bb4f3d
                                                                                                          0x02bb4f3f
                                                                                                          0x02bb4f42
                                                                                                          0x02bb4f48
                                                                                                          0x02bb4fd5
                                                                                                          0x02bb4fd5
                                                                                                          0x02bb4fd9
                                                                                                          0x00000000
                                                                                                          0x02bb4f4e
                                                                                                          0x02bb4f4e
                                                                                                          0x02bb4f54
                                                                                                          0x00000000
                                                                                                          0x02bb4f56
                                                                                                          0x02bb4f5a
                                                                                                          0x02bb4f5c
                                                                                                          0x02bb4f60
                                                                                                          0x02bb4f62
                                                                                                          0x00000000
                                                                                                          0x02bb4f64
                                                                                                          0x02bb4f68
                                                                                                          0x02bb4f77
                                                                                                          0x02bb4f78
                                                                                                          0x02bb4f7a
                                                                                                          0x02bb4f86
                                                                                                          0x02bb4f88
                                                                                                          0x02bb4f8d
                                                                                                          0x02bb4f9f
                                                                                                          0x02bb4fb2
                                                                                                          0x02bb4fb7
                                                                                                          0x02bb4fb9
                                                                                                          0x02bb4fbc
                                                                                                          0x02bb4fc3
                                                                                                          0x02bb4fc6
                                                                                                          0x02bb4fca
                                                                                                          0x02bb4fce
                                                                                                          0x00000000
                                                                                                          0x02bb4fd0
                                                                                                          0x02bb4fce
                                                                                                          0x02bb4f8d
                                                                                                          0x02bb4f62
                                                                                                          0x02bb4f54
                                                                                                          0x00000000
                                                                                                          0x02bb4fde
                                                                                                          0x02bb4fde
                                                                                                          0x02bb4fe2
                                                                                                          0x02bb4fee
                                                                                                          0x02bb4fee
                                                                                                          0x02bb4ff4
                                                                                                          0x02bb5011
                                                                                                          0x02bb5017
                                                                                                          0x02bb5019
                                                                                                          0x02bb4ff6
                                                                                                          0x02bb5004
                                                                                                          0x02bb500e
                                                                                                          0x02bb5025
                                                                                                          0x02bb5025

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 8&$Rw$~<?$~<?
                                                                                                          • API String ID: 0-2119221410
                                                                                                          • Opcode ID: 8600c1e993c0d45627bb2cec288f3db7b3b12e0d783027c3838aca3f29b87caf
                                                                                                          • Instruction ID: 5810b8a7712e51ea73fa842f9e945669969085f2bab578ea3deba56398d6837d
                                                                                                          • Opcode Fuzzy Hash: 8600c1e993c0d45627bb2cec288f3db7b3b12e0d783027c3838aca3f29b87caf
                                                                                                          • Instruction Fuzzy Hash: 95B11D716083419FC358CF2AC48995BFBE1BBC4758F50892EF9A997220D3B4D949CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD2D53, Relevance: 5.2, Strings: 4, Instructions: 221COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 99%
                                                                                                          			E02BD2D53(void* __ecx, void* __edx) {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				void* _t237;
				intOrPtr _t238;
				intOrPtr _t239;
				void* _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				void* _t267;
				void* _t268;
				signed int* _t271;
				signed int* _t272;

				_t271 =  &_v104;
				_v4 = _v4 & 0x00000000;
				_v12 = 0xb3680a;
				_v8 = 0x44a7b2;
				_v84 = 0x16e473;
				_v84 = _v84 | 0xff7fd6cb;
				_v84 = _v84 << 0xe;
				_v84 = _v84 ^ 0xfdb25567;
				_v88 = 0x1491df;
				_v88 = _v88 | 0x25bec09f;
				_v88 = _v88 + 0xf90e;
				_v88 = _v88 << 0x10;
				_v88 = _v88 ^ 0xcae39943;
				_v92 = 0xaddb4a;
				_v92 = _v92 ^ 0x38a1add8;
				_t267 = __edx;
				_t243 = __ecx;
				_t245 = 0x27;
				_t268 = 0x72ed85;
				_v92 = _v92 / _t245;
				_t246 = 0x26;
				_v92 = _v92 * 0x56;
				_v92 = _v92 ^ 0x7b991acf;
				_v36 = 0x41254;
				_v36 = _v36 ^ 0x82dbc96b;
				_v36 = _v36 ^ 0x82dd2337;
				_v28 = 0x754151;
				_v28 = _v28 + 0x3d65;
				_v28 = _v28 ^ 0x0076627a;
				_v76 = 0xa9aca8;
				_v76 = _v76 * 0x46;
				_v76 = _v76 << 0x10;
				_v76 = _v76 * 0x71;
				_v76 = _v76 ^ 0xcef7d733;
				_v80 = 0x19ef1d;
				_v80 = _v80 + 0x4807;
				_v80 = _v80 >> 0x10;
				_t247 = 9;
				_v80 = _v80 / _t246;
				_v80 = _v80 ^ 0x000e4732;
				_v32 = 0xb4891b;
				_v32 = _v32 | 0x91ee1565;
				_v32 = _v32 ^ 0x91f206c4;
				_v52 = 0xb65ed8;
				_v52 = _v52 ^ 0x53a92618;
				_v52 = _v52 * 0x77;
				_v52 = _v52 ^ 0xa3a75cc7;
				_v20 = 0xeecfa7;
				_v20 = _v20 << 6;
				_v20 = _v20 ^ 0x3bb2e2c4;
				_v72 = 0xfbd7a5;
				_v72 = _v72 ^ 0x9f68e208;
				_v72 = _v72 << 8;
				_v72 = _v72 | 0x30258995;
				_v72 = _v72 ^ 0xb3385db1;
				_v24 = 0x1aaffc;
				_v24 = _v24 * 0x36;
				_v24 = _v24 ^ 0x05ac1646;
				_v16 = 0xb69c42;
				_v16 = _v16 + 0x3887;
				_v16 = _v16 ^ 0x00b1c7d8;
				_v44 = 0x5789e3;
				_v44 = _v44 / _t247;
				_v44 = _v44 + 0xffffe7e6;
				_v44 = _v44 ^ 0x00087fde;
				_v68 = 0x94873;
				_v68 = _v68 << 0xf;
				_v68 = _v68 + 0xffff48e1;
				_v68 = _v68 ^ 0x69c9ade9;
				_v68 = _v68 ^ 0xcdf62ffc;
				_v48 = 0x208212;
				_v48 = _v48 | 0x39c03c72;
				_v48 = _v48 >> 0xc;
				_v48 = _v48 ^ 0x0008cd3c;
				_v96 = 0x3b2be3;
				_v96 = _v96 ^ 0x07755c49;
				_v96 = _v96 >> 0xf;
				_v96 = _v96 ^ 0x076fdb2f;
				_v96 = _v96 ^ 0x07616547;
				_v100 = 0xac4dde;
				_v100 = _v100 + 0x3900;
				_t248 = 0x42;
				_v100 = _v100 * 0x54;
				_v100 = _v100 ^ 0x672a87d3;
				_v100 = _v100 ^ 0x5fb939da;
				_v104 = 0x9fab94;
				_v104 = _v104 ^ 0x81ae57b6;
				_v104 = _v104 | 0x48b65982;
				_v104 = _v104 * 0x3c;
				_v104 = _v104 ^ 0x471b6d30;
				_v56 = 0x9acae2;
				_v56 = _v56 << 3;
				_v56 = _v56 >> 0xf;
				_v56 = _v56 ^ 0x000181ed;
				_v60 = 0x9f5509;
				_v60 = _v60 / _t248;
				_v60 = _v60 >> 3;
				_v60 = _v60 + 0xfffff221;
				_v60 = _v60 ^ 0x000ffb1e;
				_v40 = 0x6ff3a2;
				_v40 = _v40 << 9;
				_v40 = _v40 + 0x9f22;
				_v40 = _v40 ^ 0xdfef744e;
				_v64 = 0xeafe6e;
				_v64 = _v64 ^ 0x9deccfb6;
				_v64 = _v64 << 0xf;
				_v64 = _v64 * 0x79;
				_v64 = _v64 ^ 0xc780890d;
				while(1) {
					L1:
					_t237 = 0xd8fe181;
					do {
						L2:
						while(_t268 != 0x72ed85) {
							if(_t268 == 0xb6c7232) {
								_t263 = _v44;
								_t248 = _v16;
								_t238 = E02BD1005(_v16, _v44, _v68, _v48,  *((intOrPtr*)(_t267 + 0x38)));
								_t271 =  &(_t271[3]);
								 *((intOrPtr*)(_t267 + 0x2c)) = _t238;
								__eflags = _t238;
								_t237 = 0xd8fe181;
								_t268 =  !=  ? 0xd8fe181 : 0xd6f812a;
								continue;
							}
							if(_t268 == 0xc5020c9) {
								_push(_v36);
								_t239 = E02BD3263(_v84, _v88, __eflags, _t243, _v92, _t248);
								_t272 =  &(_t271[4]);
								 *((intOrPtr*)(_t267 + 0x38)) = _t239;
								__eflags = _t239;
								if(_t239 != 0) {
									E02BD148A(_t239, _t239, _v28, _v76, _v80, _v32);
									_t263 = _v20;
									_t248 = _v52;
									E02BBE2BD(_v20, _v72,  *((intOrPtr*)(_t267 + 0x38)), _v24);
									_t271 =  &(_t272[7]);
									_t268 = 0xb6c7232;
									goto L1;
								}
							} else {
								if(_t268 == 0xd6f812a) {
									return E02BBF0E9(_v60,  *((intOrPtr*)(_t267 + 0x38)), _v40, _v64);
								}
								if(_t268 != _t237) {
									goto L13;
								} else {
									_t239 = E02BC0EBC(_v96, _t263, _v100, _v96, _v104, _v56, _v96, _t248, _t267, E02BCA2A5);
									_t271 =  &(_t271[8]);
									 *((intOrPtr*)(_t267 + 0x48)) = _t239;
									if(_t239 == 0) {
										_t268 = 0xd6f812a;
										while(1) {
											L1:
											_t237 = 0xd8fe181;
											goto L2;
										}
									}
								}
							}
							return _t239;
						}
						_t268 = 0xc5020c9;
						L13:
						__eflags = _t268 - 0x11d9bb5;
					} while (__eflags != 0);
					return _t237;
				}
			}








































                                                                                                          0x02bd2d53
                                                                                                          0x02bd2d56
                                                                                                          0x02bd2d5b
                                                                                                          0x02bd2d63
                                                                                                          0x02bd2d6b
                                                                                                          0x02bd2d73
                                                                                                          0x02bd2d7b
                                                                                                          0x02bd2d80
                                                                                                          0x02bd2d88
                                                                                                          0x02bd2d90
                                                                                                          0x02bd2d98
                                                                                                          0x02bd2da0
                                                                                                          0x02bd2da5
                                                                                                          0x02bd2dad
                                                                                                          0x02bd2db5
                                                                                                          0x02bd2dc7
                                                                                                          0x02bd2dc9
                                                                                                          0x02bd2dcb
                                                                                                          0x02bd2dce
                                                                                                          0x02bd2dd7
                                                                                                          0x02bd2de2
                                                                                                          0x02bd2de5
                                                                                                          0x02bd2de9
                                                                                                          0x02bd2df1
                                                                                                          0x02bd2df9
                                                                                                          0x02bd2e01
                                                                                                          0x02bd2e09
                                                                                                          0x02bd2e11
                                                                                                          0x02bd2e19
                                                                                                          0x02bd2e21
                                                                                                          0x02bd2e2e
                                                                                                          0x02bd2e32
                                                                                                          0x02bd2e3c
                                                                                                          0x02bd2e40
                                                                                                          0x02bd2e48
                                                                                                          0x02bd2e50
                                                                                                          0x02bd2e58
                                                                                                          0x02bd2e63
                                                                                                          0x02bd2e64
                                                                                                          0x02bd2e68
                                                                                                          0x02bd2e70
                                                                                                          0x02bd2e78
                                                                                                          0x02bd2e80
                                                                                                          0x02bd2e88
                                                                                                          0x02bd2e90
                                                                                                          0x02bd2e9d
                                                                                                          0x02bd2ea1
                                                                                                          0x02bd2ea9
                                                                                                          0x02bd2eb1
                                                                                                          0x02bd2eb6
                                                                                                          0x02bd2ebe
                                                                                                          0x02bd2ec6
                                                                                                          0x02bd2ece
                                                                                                          0x02bd2ed3
                                                                                                          0x02bd2edb
                                                                                                          0x02bd2ee3
                                                                                                          0x02bd2ef0
                                                                                                          0x02bd2ef4
                                                                                                          0x02bd2efc
                                                                                                          0x02bd2f04
                                                                                                          0x02bd2f0c
                                                                                                          0x02bd2f16
                                                                                                          0x02bd2f26
                                                                                                          0x02bd2f2c
                                                                                                          0x02bd2f39
                                                                                                          0x02bd2f41
                                                                                                          0x02bd2f49
                                                                                                          0x02bd2f4e
                                                                                                          0x02bd2f56
                                                                                                          0x02bd2f5e
                                                                                                          0x02bd2f66
                                                                                                          0x02bd2f6e
                                                                                                          0x02bd2f76
                                                                                                          0x02bd2f7b
                                                                                                          0x02bd2f83
                                                                                                          0x02bd2f8b
                                                                                                          0x02bd2f93
                                                                                                          0x02bd2f98
                                                                                                          0x02bd2fa0
                                                                                                          0x02bd2fa8
                                                                                                          0x02bd2fb0
                                                                                                          0x02bd2fbd
                                                                                                          0x02bd2fbe
                                                                                                          0x02bd2fc2
                                                                                                          0x02bd2fca
                                                                                                          0x02bd2fd2
                                                                                                          0x02bd2fda
                                                                                                          0x02bd2fe2
                                                                                                          0x02bd2fef
                                                                                                          0x02bd2ff3
                                                                                                          0x02bd2ffb
                                                                                                          0x02bd3003
                                                                                                          0x02bd3008
                                                                                                          0x02bd300d
                                                                                                          0x02bd3015
                                                                                                          0x02bd3023
                                                                                                          0x02bd3027
                                                                                                          0x02bd302c
                                                                                                          0x02bd3034
                                                                                                          0x02bd303c
                                                                                                          0x02bd3044
                                                                                                          0x02bd3049
                                                                                                          0x02bd3051
                                                                                                          0x02bd3059
                                                                                                          0x02bd3061
                                                                                                          0x02bd3069
                                                                                                          0x02bd3073
                                                                                                          0x02bd3077
                                                                                                          0x02bd307f
                                                                                                          0x02bd307f
                                                                                                          0x02bd307f
                                                                                                          0x02bd3084
                                                                                                          0x00000000
                                                                                                          0x02bd3084
                                                                                                          0x02bd3096
                                                                                                          0x02bd3155
                                                                                                          0x02bd3159
                                                                                                          0x02bd315d
                                                                                                          0x02bd3162
                                                                                                          0x02bd3165
                                                                                                          0x02bd3168
                                                                                                          0x02bd316c
                                                                                                          0x02bd3171
                                                                                                          0x00000000
                                                                                                          0x02bd3171
                                                                                                          0x02bd30a2
                                                                                                          0x02bd30e4
                                                                                                          0x02bd30f6
                                                                                                          0x02bd30fb
                                                                                                          0x02bd30fe
                                                                                                          0x02bd3101
                                                                                                          0x02bd3103
                                                                                                          0x02bd311d
                                                                                                          0x02bd312d
                                                                                                          0x02bd3134
                                                                                                          0x02bd3138
                                                                                                          0x02bd313d
                                                                                                          0x02bd3140
                                                                                                          0x00000000
                                                                                                          0x02bd3140
                                                                                                          0x02bd30a4
                                                                                                          0x02bd30a6
                                                                                                          0x00000000
                                                                                                          0x02bd31a1
                                                                                                          0x02bd30ae
                                                                                                          0x00000000
                                                                                                          0x02bd30b4
                                                                                                          0x02bd30cd
                                                                                                          0x02bd30d2
                                                                                                          0x02bd30d5
                                                                                                          0x02bd30da
                                                                                                          0x02bd30e0
                                                                                                          0x02bd307f
                                                                                                          0x02bd307f
                                                                                                          0x02bd307f
                                                                                                          0x00000000
                                                                                                          0x02bd307f
                                                                                                          0x02bd307f
                                                                                                          0x02bd30da
                                                                                                          0x02bd30ae
                                                                                                          0x02bd31a9
                                                                                                          0x02bd31a9
                                                                                                          0x02bd3179
                                                                                                          0x02bd317e
                                                                                                          0x02bd317e
                                                                                                          0x02bd317e
                                                                                                          0x00000000
                                                                                                          0x02bd3084

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$sH$zbv$+;
                                                                                                          • API String ID: 0-3806253346
                                                                                                          • Opcode ID: 25e0d5347c2c59fccf6a676eb1928bb615990529c82cbfc445ccc13eb80c369a
                                                                                                          • Instruction ID: 0e960a287753f8e7e03d1baaf740dda707ad3b5e87b288bc9f24faf45a23a95c
                                                                                                          • Opcode Fuzzy Hash: 25e0d5347c2c59fccf6a676eb1928bb615990529c82cbfc445ccc13eb80c369a
                                                                                                          • Instruction Fuzzy Hash: CCB10EB2508381AFD359CF61C48A41BFBE2FB84358F509A1DF59686260E3B1C949CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCE4E5, Relevance: 5.2, Strings: 4, Instructions: 220COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02BCE4E5(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v60;
				intOrPtr _v80;
				intOrPtr _v92;
				intOrPtr _v124;
				intOrPtr _v140;
				char _v152;
				char _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				unsigned int _v200;
				void* __ecx;
				void* _t118;
				signed int _t141;
				void* _t151;
				intOrPtr _t166;
				intOrPtr _t182;
				signed int _t183;
				intOrPtr _t184;
				signed int* _t187;
				void* _t189;

				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				E02BCFE29(_t118);
				_v196 = 0x42a34f;
				_t187 =  &(( &_v200)[5]);
				_v196 = _v196 + 0xffffd591;
				_v196 = _v196 >> 8;
				_t182 = 0;
				_v196 = _v196 >> 0xd;
				_t151 = 0x8265549;
				_v196 = _v196 ^ 0x000e54fd;
				_v192 = 0xf4ad66;
				_t183 = 0x28;
				_v192 = _v192 * 0x74;
				_v192 = _v192 + 0xffff9a5e;
				_v192 = _v192 * 0x25;
				_v192 = _v192 ^ 0x06100388;
				_v164 = 0xada112;
				_v164 = _v164 << 6;
				_v164 = _v164 ^ 0x2b616de0;
				_v188 = 0x6e3b94;
				_v188 = _v188 * 0x6f;
				_v188 = _v188 ^ 0xb2fa2ce6;
				_v188 = _v188 >> 2;
				_v188 = _v188 ^ 0x27407061;
				_v184 = 0x76ba26;
				_v184 = _v184 ^ 0xa3b8c1ec;
				_v184 = _v184 * 6;
				_v184 = _v184 ^ 0xd6d91427;
				_v172 = 0x136254;
				_v172 = _v172 + 0x2ded;
				_v172 = _v172 ^ 0x001b6319;
				_v200 = 0xa09af9;
				_v200 = _v200 + 0x31d;
				_v200 = _v200 + 0xffff390b;
				_v200 = _v200 >> 0xc;
				_v200 = _v200 ^ 0x000c9fcd;
				_v176 = 0xee2a82;
				_v176 = _v176 / _t183;
				_v176 = _v176 ^ 0x000a5024;
				_t66 =  &_v176; // 0xa5024
				_t184 =  *_t66;
				_v180 = 0xbc2dba;
				_v180 = _v180 << 0xa;
				_v180 = _v180 << 0xc;
				_v180 = _v180 ^ 0x6e88cd95;
				_v168 = 0x8f86b;
				_v168 = _v168 * 0x73;
				_v168 = _v168 ^ 0x040961a3;
				while(1) {
					_t189 = _t151 - 0x90fe06e;
					if(_t189 > 0) {
						goto L23;
					}
					L2:
					if(_t189 == 0) {
						__eflags = _v140 - 3;
						if(__eflags == 0) {
							E02BD00EF( &_v152);
							L16:
							_t151 = 0x574a4dd;
							continue;
							do {
								while(1) {
									_t189 = _t151 - 0x90fe06e;
									if(_t189 > 0) {
										goto L23;
									}
									goto L2;
								}
								L45:
								__eflags = _t151 - 0x4105f99;
							} while (__eflags != 0);
							L46:
							return _t182;
						}
						_t151 = 0xaf84b7f;
						while(1) {
							_t189 = _t151 - 0x90fe06e;
							if(_t189 > 0) {
								goto L23;
							}
							goto L2;
						}
						goto L23;
					}
					if(_t151 == 0x172cdb8) {
						_push(_t151);
						_push(_t151);
						_t184 = E02BBC5D8(0x5c);
						_t187 =  &(_t187[3]);
						__eflags = _t184;
						if(__eflags == 0) {
							L14:
							_t151 = 0x666f2cd;
							continue;
						}
						 *((intOrPtr*)(_t184 + 0x30)) = _v80;
						 *((intOrPtr*)(_t184 + 8)) = _v124;
						 *((intOrPtr*)(_t184 + 4)) = _v92;
						_t151 = 0xc6d3ff5;
						continue;
					}
					if(_t151 == 0x2270dbc) {
						__eflags = _v140 - 7;
						if(__eflags == 0) {
							E02BC7D5B( &_v152);
						}
						goto L16;
					}
					if(_t151 == 0x39f0156) {
						__eflags = E02BC9D3E( &_v60, _v164, __eflags, _v188,  &_v160);
						if(__eflags == 0) {
							goto L46;
						}
						goto L14;
					}
					if(_t151 == 0x574a4dd) {
						_t166 =  *0x2bd6210; // 0x0
						_t182 = _t182 + 1;
						__eflags = _t182;
						 *((intOrPtr*)(_t184 + 0x24)) =  *((intOrPtr*)(_t166 + 0x210));
						 *((intOrPtr*)(_t166 + 0x210)) = _t184;
						L12:
						_t151 = 0x39f0156;
						continue;
					}
					if(_t151 == 0x666f2cd) {
						_t141 = E02BC8806(_v184, _v172,  &_v160,  &_v152);
						asm("sbb ecx, ecx");
						_t151 = ( ~_t141 & 0xfdd3cc62) + 0x39f0156;
						continue;
					}
					if(_t151 != 0x8265549) {
						goto L45;
					}
					E02BB22A6(_a4, _v196,  &_v60, _v192);
					_t187 =  &(_t187[2]);
					_t151 = 0xf4b2976;
					continue;
					L23:
					__eflags = _t151 - 0x9a4295f;
					if(_t151 == 0x9a4295f) {
						__eflags = _v140 - 5;
						if(__eflags == 0) {
							E02BD2D53( &_v152, _t184);
							_t151 = 0x574a4dd;
							goto L45;
						}
						_t151 = 0xa7bb9ce;
						continue;
					}
					__eflags = _t151 - 0xa7bb9ce;
					if(_t151 == 0xa7bb9ce) {
						__eflags = _v140 - 6;
						if(__eflags == 0) {
							E02BCA474( &_v152);
							goto L16;
						}
						_t151 = 0x2270dbc;
						continue;
					}
					__eflags = _t151 - 0xaf84b7f;
					if(_t151 == 0xaf84b7f) {
						__eflags = _v140 - 4;
						if(__eflags == 0) {
							E02BB238C( &_v152);
							goto L16;
						}
						_t151 = 0x9a4295f;
						continue;
					}
					__eflags = _t151 - 0xbf40480;
					if(_t151 == 0xbf40480) {
						__eflags = _v140 - 2;
						if(__eflags == 0) {
							E02BCCCD9( &_v152, _t184);
							goto L16;
						}
						_t151 = 0x90fe06e;
						continue;
					}
					__eflags = _t151 - 0xc6d3ff5;
					if(_t151 == 0xc6d3ff5) {
						__eflags = _v140 - 1;
						if(__eflags == 0) {
							E02BBA871( &_v152);
							goto L16;
						}
						_t151 = 0xbf40480;
						continue;
					}
					__eflags = _t151 - 0xf4b2976;
					if(_t151 != 0xf4b2976) {
						goto L45;
					}
					E02BBB820(0);
					goto L12;
				}
			}






























                                                                                                          0x02bce4ef
                                                                                                          0x02bce4f6
                                                                                                          0x02bce4fd
                                                                                                          0x02bce504
                                                                                                          0x02bce506
                                                                                                          0x02bce50b
                                                                                                          0x02bce513
                                                                                                          0x02bce516
                                                                                                          0x02bce520
                                                                                                          0x02bce525
                                                                                                          0x02bce527
                                                                                                          0x02bce52c
                                                                                                          0x02bce531
                                                                                                          0x02bce53e
                                                                                                          0x02bce552
                                                                                                          0x02bce553
                                                                                                          0x02bce557
                                                                                                          0x02bce564
                                                                                                          0x02bce568
                                                                                                          0x02bce570
                                                                                                          0x02bce578
                                                                                                          0x02bce57d
                                                                                                          0x02bce585
                                                                                                          0x02bce592
                                                                                                          0x02bce596
                                                                                                          0x02bce59e
                                                                                                          0x02bce5a3
                                                                                                          0x02bce5ab
                                                                                                          0x02bce5b3
                                                                                                          0x02bce5c0
                                                                                                          0x02bce5c4
                                                                                                          0x02bce5cc
                                                                                                          0x02bce5d4
                                                                                                          0x02bce5dc
                                                                                                          0x02bce5e4
                                                                                                          0x02bce5ec
                                                                                                          0x02bce5f4
                                                                                                          0x02bce5fc
                                                                                                          0x02bce601
                                                                                                          0x02bce609
                                                                                                          0x02bce617
                                                                                                          0x02bce61b
                                                                                                          0x02bce623
                                                                                                          0x02bce623
                                                                                                          0x02bce627
                                                                                                          0x02bce62f
                                                                                                          0x02bce634
                                                                                                          0x02bce639
                                                                                                          0x02bce641
                                                                                                          0x02bce64e
                                                                                                          0x02bce652
                                                                                                          0x02bce65a
                                                                                                          0x02bce65a
                                                                                                          0x02bce660
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bce666
                                                                                                          0x02bce666
                                                                                                          0x02bce79d
                                                                                                          0x02bce7a2
                                                                                                          0x02bce7b2
                                                                                                          0x02bce747
                                                                                                          0x02bce747
                                                                                                          0x02bce749
                                                                                                          0x02bce65a
                                                                                                          0x02bce65a
                                                                                                          0x02bce65a
                                                                                                          0x02bce660
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bce660
                                                                                                          0x02bce89d
                                                                                                          0x02bce89d
                                                                                                          0x02bce89d
                                                                                                          0x02bce8a9
                                                                                                          0x02bce8b5
                                                                                                          0x02bce8b5
                                                                                                          0x02bce7a4
                                                                                                          0x02bce65a
                                                                                                          0x02bce65a
                                                                                                          0x02bce660
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bce660
                                                                                                          0x00000000
                                                                                                          0x02bce65a
                                                                                                          0x02bce672
                                                                                                          0x02bce769
                                                                                                          0x02bce76a
                                                                                                          0x02bce772
                                                                                                          0x02bce774
                                                                                                          0x02bce777
                                                                                                          0x02bce779
                                                                                                          0x02bce736
                                                                                                          0x02bce736
                                                                                                          0x00000000
                                                                                                          0x02bce736
                                                                                                          0x02bce782
                                                                                                          0x02bce789
                                                                                                          0x02bce790
                                                                                                          0x02bce793
                                                                                                          0x00000000
                                                                                                          0x02bce793
                                                                                                          0x02bce67e
                                                                                                          0x02bce740
                                                                                                          0x02bce745
                                                                                                          0x02bce752
                                                                                                          0x02bce752
                                                                                                          0x00000000
                                                                                                          0x02bce745
                                                                                                          0x02bce686
                                                                                                          0x02bce72e
                                                                                                          0x02bce730
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bce730
                                                                                                          0x02bce68e
                                                                                                          0x02bce6f6
                                                                                                          0x02bce6fc
                                                                                                          0x02bce6fc
                                                                                                          0x02bce703
                                                                                                          0x02bce706
                                                                                                          0x02bce70c
                                                                                                          0x02bce70c
                                                                                                          0x00000000
                                                                                                          0x02bce70c
                                                                                                          0x02bce696
                                                                                                          0x02bce6dc
                                                                                                          0x02bce6e7
                                                                                                          0x02bce6ef
                                                                                                          0x00000000
                                                                                                          0x02bce6ef
                                                                                                          0x02bce69e
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bce6bb
                                                                                                          0x02bce6c0
                                                                                                          0x02bce6c3
                                                                                                          0x00000000
                                                                                                          0x02bce7b9
                                                                                                          0x02bce7b9
                                                                                                          0x02bce7bf
                                                                                                          0x02bce87f
                                                                                                          0x02bce884
                                                                                                          0x02bce896
                                                                                                          0x02bce89b
                                                                                                          0x00000000
                                                                                                          0x02bce89b
                                                                                                          0x02bce886
                                                                                                          0x00000000
                                                                                                          0x02bce886
                                                                                                          0x02bce7c5
                                                                                                          0x02bce7cb
                                                                                                          0x02bce860
                                                                                                          0x02bce865
                                                                                                          0x02bce875
                                                                                                          0x00000000
                                                                                                          0x02bce875
                                                                                                          0x02bce867
                                                                                                          0x00000000
                                                                                                          0x02bce867
                                                                                                          0x02bce7d1
                                                                                                          0x02bce7d7
                                                                                                          0x02bce841
                                                                                                          0x02bce846
                                                                                                          0x02bce856
                                                                                                          0x00000000
                                                                                                          0x02bce856
                                                                                                          0x02bce848
                                                                                                          0x00000000
                                                                                                          0x02bce848
                                                                                                          0x02bce7d9
                                                                                                          0x02bce7df
                                                                                                          0x02bce820
                                                                                                          0x02bce825
                                                                                                          0x02bce837
                                                                                                          0x00000000
                                                                                                          0x02bce837
                                                                                                          0x02bce827
                                                                                                          0x00000000
                                                                                                          0x02bce827
                                                                                                          0x02bce7e1
                                                                                                          0x02bce7e7
                                                                                                          0x02bce801
                                                                                                          0x02bce806
                                                                                                          0x02bce816
                                                                                                          0x00000000
                                                                                                          0x02bce816
                                                                                                          0x02bce808
                                                                                                          0x00000000
                                                                                                          0x02bce808
                                                                                                          0x02bce7e9
                                                                                                          0x02bce7ef
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bce7f7
                                                                                                          0x00000000
                                                                                                          0x02bce7f7

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$ap@'$-$ma+
                                                                                                          • API String ID: 0-1845766705
                                                                                                          • Opcode ID: 54abdb2c624f571523ad12c7486b6a757800baa683ec0cc52f3f9984f0ba1a22
                                                                                                          • Instruction ID: 2a0a0cfe40c40fb13623dc4a9db5cbd8832cf164ca54197616d9cca7c761ee38
                                                                                                          • Opcode Fuzzy Hash: 54abdb2c624f571523ad12c7486b6a757800baa683ec0cc52f3f9984f0ba1a22
                                                                                                          • Instruction Fuzzy Hash: 55917A71618341CBC728DE24C89896FBBE6FBC4308F2449AEE69656260D774DA49CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC3EAA, Relevance: 5.2, Strings: 4, Instructions: 152COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02BC3EAA() {
				char _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _t134;
				void* _t136;
				signed int _t139;
				signed int _t140;
				void* _t141;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				void* _t162;
				signed int _t163;
				signed int* _t164;

				_t164 =  &_v572;
				_v540 = 0x8ebbe1;
				_v540 = _v540 ^ 0xad58d7a7;
				_t141 = 0x14ab4b7;
				_v540 = _v540 + 0xffffedc9;
				_v540 = _v540 ^ 0xadd357de;
				_v568 = 0x9c9bda;
				_v568 = _v568 | 0x36ff3ceb;
				_v568 = _v568 << 9;
				_v568 = _v568 << 0xc;
				_v568 = _v568 ^ 0xff6ebe8a;
				_v572 = 0xc63a18;
				_t158 = 0x35;
				_v572 = _v572 / _t158;
				_v572 = _v572 + 0x3c6e;
				_t162 = 0;
				_t159 = 9;
				_v572 = _v572 * 0x2b;
				_v572 = _v572 ^ 0x00acfd7d;
				_v564 = 0xeb3370;
				_v564 = _v564 + 0xdf6d;
				_v564 = _v564 + 0xffff5689;
				_v564 = _v564 + 0xffff8af1;
				_v564 = _v564 ^ 0x00e2fb3e;
				_v556 = 0xcf22db;
				_v556 = _v556 + 0xdc1c;
				_v556 = _v556 ^ 0xabcda180;
				_v556 = _v556 * 0x79;
				_v556 = _v556 ^ 0xd41378ff;
				_v536 = 0x8b65e6;
				_v536 = _v536 >> 4;
				_v536 = _v536 | 0x892333f7;
				_v536 = _v536 ^ 0x8920b82e;
				_v552 = 0x92756e;
				_v552 = _v552 >> 9;
				_v552 = _v552 ^ 0x00055fbe;
				_v548 = 0xae9165;
				_v548 = _v548 >> 8;
				_v548 = _v548 << 3;
				_v548 = _v548 ^ 0x000d4470;
				_v560 = 0x7e7234;
				_t163 = _v552;
				_t140 = _v552;
				_v560 = _v560 * 0x4b;
				_v560 = _v560 * 0x7e;
				_v560 = _v560 / _t159;
				_v560 = _v560 ^ 0x06ab9265;
				_v524 = 0x1cfeb9;
				_v524 = _v524 + 0xfb24;
				_v524 = _v524 ^ 0x001447a0;
				_v532 = 0x9f8444;
				_t160 = 0x41;
				_t161 = _v552;
				_v532 = _v532 / _t160;
				_v532 = _v532 ^ 0x00060648;
				_v528 = 0xb53968;
				_v528 = _v528 >> 6;
				_v528 = _v528 ^ 0x00025f1c;
				while(_t141 != 0x6ff509) {
					if(_t141 == 0x14ab4b7) {
						_t141 = 0x9db1fde;
						continue;
					} else {
						if(_t141 == 0x18d2c7e) {
							_t140 = E02BC09DD(_v536,  &_v520, _v552, _v548);
							_t141 = 0x3c9aed4;
							continue;
						} else {
							if(_t141 == 0x3c9aed4) {
								_t134 = E02BBEFE1(_v524, _v532, _v528, _t140);
								_t164 =  &(_t164[3]);
								_t163 = _t134;
								_t141 = 0x6ff509;
								continue;
							} else {
								if(_t141 == 0x65dbbcc) {
									_push(_t141);
									_t136 = E02BC0ABA(_v568, _v572, __eflags, _v564,  &_v520, _t161, _v556);
									_t164 =  &(_t164[5]);
									__eflags = _t136;
									if(__eflags != 0) {
										_t141 = 0x18d2c7e;
										continue;
									}
								} else {
									if(_t141 != 0x9db1fde) {
										L15:
										__eflags = _t141 - 0xdb9fdb2;
										if(__eflags != 0) {
											continue;
										}
									} else {
										_t139 = E02BBDD35();
										_t161 = _t139;
										if(_t139 != 0) {
											_t141 = 0x65dbbcc;
											continue;
										}
									}
								}
							}
						}
					}
					return _t162;
				}
				_v544 = 0xee725a;
				_v544 = _v544 ^ 0x4fb40d60;
				_v544 = _v544 | 0x3a9e06c5;
				_v544 = _v544 ^ 0x55f97f1d;
				__eflags = _t163 - _v544;
				_t162 =  ==  ? 1 : _t162;
				__eflags = _t162;
				_t141 = 0xdb9fdb2;
				goto L15;
			}




























                                                                                                          0x02bc3eaa
                                                                                                          0x02bc3eb0
                                                                                                          0x02bc3eba
                                                                                                          0x02bc3ec2
                                                                                                          0x02bc3ec7
                                                                                                          0x02bc3ecf
                                                                                                          0x02bc3ed7
                                                                                                          0x02bc3edf
                                                                                                          0x02bc3ee7
                                                                                                          0x02bc3eec
                                                                                                          0x02bc3ef1
                                                                                                          0x02bc3ef9
                                                                                                          0x02bc3f09
                                                                                                          0x02bc3f0e
                                                                                                          0x02bc3f14
                                                                                                          0x02bc3f1c
                                                                                                          0x02bc3f23
                                                                                                          0x02bc3f26
                                                                                                          0x02bc3f2a
                                                                                                          0x02bc3f32
                                                                                                          0x02bc3f3a
                                                                                                          0x02bc3f42
                                                                                                          0x02bc3f4a
                                                                                                          0x02bc3f52
                                                                                                          0x02bc3f5a
                                                                                                          0x02bc3f62
                                                                                                          0x02bc3f6a
                                                                                                          0x02bc3f77
                                                                                                          0x02bc3f7b
                                                                                                          0x02bc3f83
                                                                                                          0x02bc3f8b
                                                                                                          0x02bc3f90
                                                                                                          0x02bc3f98
                                                                                                          0x02bc3fa0
                                                                                                          0x02bc3fa8
                                                                                                          0x02bc3fad
                                                                                                          0x02bc3fb5
                                                                                                          0x02bc3fbd
                                                                                                          0x02bc3fc2
                                                                                                          0x02bc3fc7
                                                                                                          0x02bc3fcf
                                                                                                          0x02bc3fdc
                                                                                                          0x02bc3fe0
                                                                                                          0x02bc3fe4
                                                                                                          0x02bc3fed
                                                                                                          0x02bc3ff9
                                                                                                          0x02bc3ffd
                                                                                                          0x02bc4005
                                                                                                          0x02bc400d
                                                                                                          0x02bc4015
                                                                                                          0x02bc401d
                                                                                                          0x02bc4029
                                                                                                          0x02bc402c
                                                                                                          0x02bc4030
                                                                                                          0x02bc4034
                                                                                                          0x02bc403c
                                                                                                          0x02bc4044
                                                                                                          0x02bc4049
                                                                                                          0x02bc4051
                                                                                                          0x02bc4063
                                                                                                          0x02bc4124
                                                                                                          0x00000000
                                                                                                          0x02bc4069
                                                                                                          0x02bc406f
                                                                                                          0x02bc4118
                                                                                                          0x02bc411a
                                                                                                          0x00000000
                                                                                                          0x02bc4075
                                                                                                          0x02bc407b
                                                                                                          0x02bc40ed
                                                                                                          0x02bc40f2
                                                                                                          0x02bc40f5
                                                                                                          0x02bc40f7
                                                                                                          0x00000000
                                                                                                          0x02bc407d
                                                                                                          0x02bc4083
                                                                                                          0x02bc40ab
                                                                                                          0x02bc40c2
                                                                                                          0x02bc40c7
                                                                                                          0x02bc40ca
                                                                                                          0x02bc40cc
                                                                                                          0x02bc40d2
                                                                                                          0x00000000
                                                                                                          0x02bc40d2
                                                                                                          0x02bc4085
                                                                                                          0x02bc408b
                                                                                                          0x02bc415f
                                                                                                          0x02bc415f
                                                                                                          0x02bc4165
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc4091
                                                                                                          0x02bc4095
                                                                                                          0x02bc409a
                                                                                                          0x02bc409e
                                                                                                          0x02bc40a4
                                                                                                          0x00000000
                                                                                                          0x02bc40a4
                                                                                                          0x02bc409e
                                                                                                          0x02bc408b
                                                                                                          0x02bc4083
                                                                                                          0x02bc407b
                                                                                                          0x02bc406f
                                                                                                          0x02bc4177
                                                                                                          0x02bc4177
                                                                                                          0x02bc412e
                                                                                                          0x02bc4138
                                                                                                          0x02bc4141
                                                                                                          0x02bc4149
                                                                                                          0x02bc4155
                                                                                                          0x02bc4157
                                                                                                          0x02bc4157
                                                                                                          0x02bc415a
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4r~$Zr$n<$p3
                                                                                                          • API String ID: 0-1989199487
                                                                                                          • Opcode ID: 9c14014ca497ea253b6b14b19677e07633968f0fa0b54784dcf0298cd53d7ee1
                                                                                                          • Instruction ID: a1655cdf60535bf9a43e5f58e4aa4de84dcccb391f14ee27e274f013b98c2143
                                                                                                          • Opcode Fuzzy Hash: 9c14014ca497ea253b6b14b19677e07633968f0fa0b54784dcf0298cd53d7ee1
                                                                                                          • Instruction Fuzzy Hash: 346146715083419FC358CE26C49942FBBF1FBD8768F104A6DF29AA6260D3B4CA45CF46
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC85FF, Relevance: 5.1, Strings: 4, Instructions: 142COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 65%
                                                                                                          			E02BC85FF(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v76;
				char _v80;
				char _v148;
				void* _t125;
				signed int _t148;
				signed int _t149;
				intOrPtr _t165;
				char _t166;

				_t165 = _a4;
				_push(0);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_t165);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t125);
				_v56 = _v56 & 0x00000000;
				_v64 = 0x4c8eee;
				_v60 = 0xd08445;
				_v12 = 0x2b5b52;
				_v12 = _v12 << 0xa;
				_v12 = _v12 ^ 0x243df932;
				_t148 = 0x1b;
				_v12 = _v12 / _t148;
				_v12 = _v12 ^ 0x0511db29;
				_v32 = 0x4cbd6f;
				_v32 = _v32 >> 0xd;
				_v32 = _v32 << 0x10;
				_v32 = _v32 ^ 0x02619ccd;
				_v8 = 0x229cdc;
				_v8 = _v8 ^ 0x1dfe7fc6;
				_v8 = _v8 + 0x780d;
				_v8 = _v8 >> 1;
				_v8 = _v8 ^ 0x0ee175b3;
				_v40 = 0x8e82d1;
				_v40 = _v40 + 0xffffcc21;
				_t149 = 0x39;
				_v40 = _v40 * 0x69;
				_v40 = _v40 ^ 0x3a51eacf;
				_v20 = 0xb8087c;
				_v20 = _v20 * 0x23;
				_v20 = _v20 >> 5;
				_v20 = _v20 ^ 0x00c96169;
				_v24 = 0x5c9964;
				_v24 = _v24 / _t149;
				_v24 = _v24 >> 7;
				_v24 = _v24 ^ 0x00085b7f;
				_v36 = 0xf34403;
				_v36 = _v36 * 0x6a;
				_v36 = _v36 | 0x7504e0f6;
				_v36 = _v36 ^ 0x75b6ad40;
				_v28 = 0x74a083;
				_v28 = _v28 * 0x7e;
				_v28 = _v28 >> 6;
				_v28 = _v28 ^ 0x00e859e6;
				_v48 = 0x5be020;
				_v48 = _v48 << 3;
				_v48 = _v48 ^ 0x02dd1a4a;
				_v44 = 0xfc2deb;
				_v44 = _v44 + 0x1b3b;
				_v44 = _v44 ^ 0x00f2ef0d;
				_v52 = 0x7de099;
				_v52 = _v52 ^ 0xb346769d;
				_v52 = _v52 ^ 0xb330844a;
				_v16 = 0x4076ee;
				_v16 = _v16 * 0xa;
				_v16 = _v16 * 0x14;
				_v16 = _v16 << 7;
				_v16 = _v16 ^ 0x2e751909;
				_t150 = _v12;
				_push( &_v148);
				_t166 = 0x44;
				_push(_t166);
				E02BCFE2A(_v12, _v32);
				_v148 = _t166;
				if(E02BD2C24(_a8, _v8, _v12, _t150, _v40, _t150, _v20, _a20, _v24,  &_v148, _t150, _v36, _v28, _t150, _a12,  &_v80) == 0) {
					return 0;
				}
				if(_t165 == 0) {
					E02BD1538(_v48, _v44, _v80);
					E02BD1538(_v52, _v16, _v76);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				}
				return 1;
			}


























                                                                                                          0x02bc860a
                                                                                                          0x02bc860d
                                                                                                          0x02bc860f
                                                                                                          0x02bc8612
                                                                                                          0x02bc8615
                                                                                                          0x02bc8618
                                                                                                          0x02bc861b
                                                                                                          0x02bc861e
                                                                                                          0x02bc861f
                                                                                                          0x02bc8620
                                                                                                          0x02bc8621
                                                                                                          0x02bc8626
                                                                                                          0x02bc862c
                                                                                                          0x02bc8633
                                                                                                          0x02bc863a
                                                                                                          0x02bc8641
                                                                                                          0x02bc8645
                                                                                                          0x02bc8651
                                                                                                          0x02bc8656
                                                                                                          0x02bc865b
                                                                                                          0x02bc8662
                                                                                                          0x02bc8669
                                                                                                          0x02bc866d
                                                                                                          0x02bc8671
                                                                                                          0x02bc8678
                                                                                                          0x02bc867f
                                                                                                          0x02bc8686
                                                                                                          0x02bc868d
                                                                                                          0x02bc8690
                                                                                                          0x02bc8697
                                                                                                          0x02bc869e
                                                                                                          0x02bc86a9
                                                                                                          0x02bc86aa
                                                                                                          0x02bc86ad
                                                                                                          0x02bc86b4
                                                                                                          0x02bc86bf
                                                                                                          0x02bc86c2
                                                                                                          0x02bc86c6
                                                                                                          0x02bc86cd
                                                                                                          0x02bc86d9
                                                                                                          0x02bc86dc
                                                                                                          0x02bc86e0
                                                                                                          0x02bc86e7
                                                                                                          0x02bc86f2
                                                                                                          0x02bc86f5
                                                                                                          0x02bc86fc
                                                                                                          0x02bc8703
                                                                                                          0x02bc870e
                                                                                                          0x02bc8711
                                                                                                          0x02bc8715
                                                                                                          0x02bc871c
                                                                                                          0x02bc8723
                                                                                                          0x02bc8727
                                                                                                          0x02bc872e
                                                                                                          0x02bc8735
                                                                                                          0x02bc873c
                                                                                                          0x02bc8743
                                                                                                          0x02bc874a
                                                                                                          0x02bc8751
                                                                                                          0x02bc8758
                                                                                                          0x02bc8763
                                                                                                          0x02bc876a
                                                                                                          0x02bc8773
                                                                                                          0x02bc8777
                                                                                                          0x02bc8781
                                                                                                          0x02bc8784
                                                                                                          0x02bc8787
                                                                                                          0x02bc8788
                                                                                                          0x02bc8789
                                                                                                          0x02bc8791
                                                                                                          0x02bc87cc
                                                                                                          0x00000000
                                                                                                          0x02bc87fe
                                                                                                          0x02bc87d0
                                                                                                          0x02bc87e7
                                                                                                          0x02bc87f5
                                                                                                          0x02bc87d2
                                                                                                          0x02bc87d5
                                                                                                          0x02bc87d6
                                                                                                          0x02bc87d7
                                                                                                          0x02bc87d8
                                                                                                          0x02bc87d8
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [$R[+$Y$v@
                                                                                                          • API String ID: 0-1276245682
                                                                                                          • Opcode ID: efe08f301ab2b251a86e33dfee0dd2d26676926c88cc055a74a7a241cd428695
                                                                                                          • Instruction ID: 8a353985cb2a19a3d031d135a54ea7642e68ee3ee3e3e5cfac417d314a780c60
                                                                                                          • Opcode Fuzzy Hash: efe08f301ab2b251a86e33dfee0dd2d26676926c88cc055a74a7a241cd428695
                                                                                                          • Instruction Fuzzy Hash: 1C614472C00209EFCF09CFE4D94A9EEBBB5FB48304F20819AE915B6250D7B55A55CFA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC9A01, Relevance: 5.1, Strings: 4, Instructions: 140COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02BC9A01(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* _t106;
				intOrPtr _t127;
				void* _t128;
				void* _t130;
				intOrPtr _t143;
				void* _t144;
				void* _t145;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				void* _t150;
				void* _t151;

				_push(_a12);
				_t144 = __edx;
				_t128 = __ecx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t106);
				_v4 = 0x81363a;
				_t151 = _t150 + 0x14;
				_v4 = _v4 | 0xe86970e7;
				_v4 = _v4 ^ 0xe8e8406c;
				_t145 = 0;
				_v8 = 0xe36f3c;
				_t130 = 0x9d12efa;
				_t10 =  &_v8; // 0xe36f3c
				_t146 = 0x18;
				_v8 =  *_t10 / _t146;
				_v8 = _v8 ^ 0x000ac4f9;
				_v28 = 0x86ae71;
				_v28 = _v28 + 0x307d;
				_v28 = _v28 ^ 0x3f5774ce;
				_v28 = _v28 ^ 0x3fdb82be;
				_v12 = 0xd5596e;
				_t147 = 0x24;
				_v12 = _v12 * 0x75;
				_v12 = _v12 ^ 0x618cdae6;
				_v16 = 0xa0cb2;
				_v16 = _v16 + 0x618a;
				_v16 = _v16 + 0xfb99;
				_v16 = _v16 ^ 0x0001ef53;
				_v20 = 0xb65aa2;
				_v20 = _v20 | 0x7ee7663c;
				_v20 = _v20 + 0xffff14a1;
				_v20 = _v20 ^ 0x7ef81620;
				_v24 = 0x69cefc;
				_v24 = _v24 * 5;
				_v24 = _v24 ^ 0x0216a415;
				_v44 = 0xc8ca94;
				_v44 = _v44 * 0x55;
				_v44 = _v44 << 0xc;
				_v44 = _v44 >> 2;
				_v44 = _v44 ^ 0x2d01fb93;
				_v32 = 0xaa7e08;
				_v32 = _v32 << 6;
				_v32 = _v32 / _t147;
				_v32 = _v32 | 0xdbfc63c4;
				_v32 = _v32 ^ 0xdbf76cca;
				_v36 = 0x12ed95;
				_v36 = _v36 + 0xd11f;
				_t148 = 0x64;
				_v36 = _v36 / _t148;
				_v36 = _v36 ^ 0x700cfa35;
				_v36 = _v36 ^ 0x700e1ad8;
				_v40 = 0xf66f66;
				_v40 = _v40 + 0xffff4d0b;
				_v40 = _v40 + 0xffffdddb;
				_v40 = _v40 + 0xffff052c;
				_v40 = _v40 ^ 0x00f507b6;
				do {
					while(_t130 != 0x348ce2d) {
						if(_t130 == 0x5264aba) {
							_t143 =  *0x2bd6228; // 0x0
							E02BD2B09(_v32, _t143, _v36, _v40);
						} else {
							if(_t130 == 0x5e19b60) {
								if(E02BD3EE9() != 0) {
									_t130 = 0x348ce2d;
									continue;
								}
							} else {
								if(_t130 == 0x8610059) {
									E02BBDCA0();
									_t130 = 0x5264aba;
									continue;
								} else {
									if(_t130 != 0x9d12efa) {
										goto L12;
									} else {
										_push(_t130);
										_push(_t130);
										_t127 = E02BBC5D8(0x30);
										_t151 = _t151 + 0xc;
										 *0x2bd6228 = _t127;
										_t130 = 0x5e19b60;
										continue;
									}
								}
							}
						}
						L15:
						return _t145;
					}
					_t145 = E02BB3271(_v16, _t144, _v20, _t128, _v24, _v44);
					_t151 = _t151 + 0x10;
					if(_t145 == 0) {
						_t130 = 0x8610059;
						goto L12;
					}
					goto L15;
					L12:
				} while (_t130 != 0xbdf1695);
				goto L15;
			}


























                                                                                                          0x02bc9a08
                                                                                                          0x02bc9a0c
                                                                                                          0x02bc9a0e
                                                                                                          0x02bc9a10
                                                                                                          0x02bc9a14
                                                                                                          0x02bc9a18
                                                                                                          0x02bc9a19
                                                                                                          0x02bc9a1a
                                                                                                          0x02bc9a1f
                                                                                                          0x02bc9a27
                                                                                                          0x02bc9a2a
                                                                                                          0x02bc9a34
                                                                                                          0x02bc9a3c
                                                                                                          0x02bc9a3e
                                                                                                          0x02bc9a46
                                                                                                          0x02bc9a4b
                                                                                                          0x02bc9a51
                                                                                                          0x02bc9a56
                                                                                                          0x02bc9a5c
                                                                                                          0x02bc9a64
                                                                                                          0x02bc9a6c
                                                                                                          0x02bc9a74
                                                                                                          0x02bc9a7c
                                                                                                          0x02bc9a84
                                                                                                          0x02bc9a91
                                                                                                          0x02bc9a94
                                                                                                          0x02bc9a98
                                                                                                          0x02bc9aa0
                                                                                                          0x02bc9aa8
                                                                                                          0x02bc9ab0
                                                                                                          0x02bc9ab8
                                                                                                          0x02bc9ac0
                                                                                                          0x02bc9ac8
                                                                                                          0x02bc9ad0
                                                                                                          0x02bc9ad8
                                                                                                          0x02bc9ae0
                                                                                                          0x02bc9af5
                                                                                                          0x02bc9af9
                                                                                                          0x02bc9b01
                                                                                                          0x02bc9b0e
                                                                                                          0x02bc9b12
                                                                                                          0x02bc9b17
                                                                                                          0x02bc9b1c
                                                                                                          0x02bc9b24
                                                                                                          0x02bc9b2c
                                                                                                          0x02bc9b39
                                                                                                          0x02bc9b3d
                                                                                                          0x02bc9b45
                                                                                                          0x02bc9b4d
                                                                                                          0x02bc9b55
                                                                                                          0x02bc9b61
                                                                                                          0x02bc9b69
                                                                                                          0x02bc9b6d
                                                                                                          0x02bc9b75
                                                                                                          0x02bc9b7d
                                                                                                          0x02bc9b85
                                                                                                          0x02bc9b8d
                                                                                                          0x02bc9b95
                                                                                                          0x02bc9b9d
                                                                                                          0x02bc9ba5
                                                                                                          0x02bc9ba5
                                                                                                          0x02bc9baf
                                                                                                          0x02bc9c4a
                                                                                                          0x02bc9c54
                                                                                                          0x02bc9bb5
                                                                                                          0x02bc9bbb
                                                                                                          0x02bc9c08
                                                                                                          0x02bc9c0a
                                                                                                          0x00000000
                                                                                                          0x02bc9c0a
                                                                                                          0x02bc9bbd
                                                                                                          0x02bc9bc3
                                                                                                          0x02bc9bf5
                                                                                                          0x02bc9bfa
                                                                                                          0x00000000
                                                                                                          0x02bc9bc5
                                                                                                          0x02bc9bcb
                                                                                                          0x00000000
                                                                                                          0x02bc9bcd
                                                                                                          0x02bc9bdd
                                                                                                          0x02bc9bde
                                                                                                          0x02bc9be1
                                                                                                          0x02bc9be6
                                                                                                          0x02bc9be9
                                                                                                          0x02bc9bee
                                                                                                          0x00000000
                                                                                                          0x02bc9bee
                                                                                                          0x02bc9bcb
                                                                                                          0x02bc9bc3
                                                                                                          0x02bc9bbb
                                                                                                          0x02bc9c5c
                                                                                                          0x02bc9c64
                                                                                                          0x02bc9c64
                                                                                                          0x02bc9c26
                                                                                                          0x02bc9c28
                                                                                                          0x02bc9c2d
                                                                                                          0x02bc9c2f
                                                                                                          0x00000000
                                                                                                          0x02bc9c2f
                                                                                                          0x00000000
                                                                                                          0x02bc9c34
                                                                                                          0x02bc9c34
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: <f~$<o$l@$}0
                                                                                                          • API String ID: 0-758050912
                                                                                                          • Opcode ID: 981536fe477bb73eaf56d830733368e6a12157fd1aa32b2b821b724d82bcf1d5
                                                                                                          • Instruction ID: 0d1ee9192e2d42ce6071186f78afd9779e5b445ce00f01025f89162c5610734c
                                                                                                          • Opcode Fuzzy Hash: 981536fe477bb73eaf56d830733368e6a12157fd1aa32b2b821b724d82bcf1d5
                                                                                                          • Instruction Fuzzy Hash: 93516371508340AFD748CF26D48982FBBE2EFC8358F60595DF59696260E7B1CA48CF86
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB2194, Relevance: 5.1, Strings: 4, Instructions: 83COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 58%
                                                                                                          			E02BB2194(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56, intOrPtr _a60) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _t67;
				intOrPtr* _t77;
				signed int _t80;
				signed int _t81;
				void* _t88;

				_t88 = __ecx;
				E02BCFE29(_t67);
				_v28 = 0x23b662;
				_v24 = 0;
				_v12 = 0x5a4623;
				_v12 = _v12 + 0x2367;
				_v12 = _v12 ^ 0x11a2f25e;
				_v12 = _v12 << 5;
				_v12 = _v12 ^ 0x3f16c1ec;
				_v20 = 0x4a1b7a;
				_v20 = _v20 ^ 0x2a8c83f5;
				_v20 = _v20 ^ 0x0b06bd0c;
				_v20 = _v20 ^ 0x21c6558f;
				_v8 = 0x75635a;
				_v8 = _v8 >> 0xc;
				_t80 = 0x19;
				_v8 = _v8 / _t80;
				_v8 = _v8 ^ 0x5f69645e;
				_v8 = _v8 ^ 0x5f68d09e;
				_v16 = 0xc2b090;
				_v16 = _v16 + 0xffff85c8;
				_t81 = 0x7c;
				_v16 = _v16 / _t81;
				_v16 = _v16 ^ 0x000d5e79;
				_t77 = E02BBEB52(_t81, _t81, 0x525cea78, 0xe3, 0x4be980c1);
				return  *_t77(_a56, _a36, _a48, 0, 0, _a16, _a60, _t88, _a44, _a52, __ecx, __edx, 0, _a8, _a12, _a16, _a20, _a24, 0, _a32, _a36, _a40, _a44, _a48, _a52, _a56, _a60);
			}














                                                                                                          0x02bb21a1
                                                                                                          0x02bb21cb
                                                                                                          0x02bb21d0
                                                                                                          0x02bb21da
                                                                                                          0x02bb21df
                                                                                                          0x02bb21e6
                                                                                                          0x02bb21ed
                                                                                                          0x02bb21f4
                                                                                                          0x02bb21f8
                                                                                                          0x02bb21ff
                                                                                                          0x02bb2206
                                                                                                          0x02bb220d
                                                                                                          0x02bb2214
                                                                                                          0x02bb221b
                                                                                                          0x02bb2222
                                                                                                          0x02bb222b
                                                                                                          0x02bb2230
                                                                                                          0x02bb2235
                                                                                                          0x02bb223c
                                                                                                          0x02bb2243
                                                                                                          0x02bb224a
                                                                                                          0x02bb2254
                                                                                                          0x02bb225c
                                                                                                          0x02bb225f
                                                                                                          0x02bb227e
                                                                                                          0x02bb22a5

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #FZ$^di_$g#$y^
                                                                                                          • API String ID: 0-3614166594
                                                                                                          • Opcode ID: 898530e46850b57c1b6fa34e43e5d7b9a10138e0edf0e53e97a2ce7a6b0f25a3
                                                                                                          • Instruction ID: 8bb5ad85542edeaa804ebab4f67386e4cbc00219e8ce1ad460d31c7986c09ba6
                                                                                                          • Opcode Fuzzy Hash: 898530e46850b57c1b6fa34e43e5d7b9a10138e0edf0e53e97a2ce7a6b0f25a3
                                                                                                          • Instruction Fuzzy Hash: 0331F572800208FBCF05DFA5DC098DEBFB6FF89304F508199FA1466120D3B68A60AF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC8FAE, Relevance: 4.1, Strings: 3, Instructions: 312COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02BC8FAE(intOrPtr* __ecx) {
				intOrPtr* _v4;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				void* _t364;
				void* _t367;
				void* _t375;
				void* _t379;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				signed int _t386;
				signed int _t387;
				intOrPtr _t420;
				intOrPtr* _t425;
				void* _t429;
				signed int* _t430;

				_t430 =  &_v164;
				_v44 = 0xc56d85;
				_v44 = _v44 | 0x6747c0a0;
				_v44 = _v44 ^ 0x67c7eda5;
				_v148 = 0xd0221b;
				_v148 = _v148 + 0xb86b;
				_t425 = __ecx;
				_t429 = 0;
				_t382 = 0x2d;
				_v4 = __ecx;
				_t379 = 0x771143;
				_v148 = _v148 / _t382;
				_v148 = _v148 * 0x66;
				_v148 = _v148 ^ 0x01d966be;
				_v152 = 0x268288;
				_v152 = _v152 + 0xc42a;
				_v152 = _v152 * 0x1a;
				_v152 = _v152 | 0x9e13f09a;
				_v152 = _v152 ^ 0x9ffffe9e;
				_v84 = 0x856365;
				_v84 = _v84 + 0xffff26a7;
				_v84 = _v84 << 4;
				_v84 = _v84 ^ 0x0848a0c0;
				_v72 = 0xf332ed;
				_v72 = _v72 ^ 0xef6a6dd6;
				_v72 = _v72 >> 6;
				_v72 = _v72 ^ 0x03be657c;
				_v120 = 0xd51e66;
				_v120 = _v120 | 0x823b6191;
				_v120 = _v120 + 0xffffb8fb;
				_v120 = _v120 + 0xaa7;
				_v120 = _v120 ^ 0x82fd9684;
				_v108 = 0xd10da2;
				_v108 = _v108 + 0xffff1c26;
				_v108 = _v108 + 0xffff12ce;
				_v108 = _v108 ^ 0x00cc3eec;
				_v76 = 0x14aa13;
				_v76 = _v76 ^ 0xa7d92c4a;
				_v76 = _v76 >> 0xc;
				_v76 = _v76 ^ 0x000074b4;
				_v92 = 0x17a820;
				_v92 = _v92 ^ 0x3a93bf92;
				_v92 = _v92 | 0x1a458659;
				_v92 = _v92 ^ 0x3acb9ffe;
				_v144 = 0x9f1ca1;
				_v144 = _v144 << 3;
				_v144 = _v144 | 0x88246970;
				_v144 = _v144 + 0x8e62;
				_v144 = _v144 ^ 0x8cf667c6;
				_v52 = 0x8da33b;
				_v52 = _v52 >> 8;
				_v52 = _v52 ^ 0x00059428;
				_v96 = 0x1abb08;
				_v96 = _v96 ^ 0x6c742edf;
				_v96 = _v96 + 0xffff01f6;
				_v96 = _v96 ^ 0x6c6614ef;
				_v112 = 0x9f0f81;
				_v112 = _v112 * 0x6a;
				_v112 = _v112 >> 3;
				_v112 = _v112 ^ 0x083a0fed;
				_v156 = 0x609a24;
				_v156 = _v156 + 0xffff683f;
				_v156 = _v156 << 5;
				_v156 = _v156 + 0xcd31;
				_v156 = _v156 ^ 0x0c079756;
				_v164 = 0xe5cc1d;
				_v164 = _v164 << 7;
				_v164 = _v164 | 0x9a492847;
				_v164 = _v164 * 0x78;
				_v164 = _v164 ^ 0xa012b17f;
				_v128 = 0x53ee3c;
				_t120 =  &_v128; // 0x53ee3c
				_t383 = 0x29;
				_v128 =  *_t120 / _t383;
				_v128 = _v128 ^ 0x929088a5;
				_v128 = _v128 + 0xa7c3;
				_v128 = _v128 ^ 0x929242c1;
				_v140 = 0x5f30f1;
				_v140 = _v140 | 0xd1491927;
				_t384 = 0x7c;
				_v140 = _v140 / _t384;
				_t385 = 0x58;
				_v140 = _v140 / _t385;
				_v140 = _v140 ^ 0x000295f0;
				_v88 = 0x55e174;
				_v88 = _v88 ^ 0x7dd6f036;
				_v88 = _v88 >> 0xd;
				_v88 = _v88 ^ 0x000a8d63;
				_v28 = 0xb452eb;
				_v28 = _v28 + 0xffff5322;
				_v28 = _v28 ^ 0x00ba2bf5;
				_v36 = 0x42507a;
				_v36 = _v36 | 0xf1dc1e20;
				_v36 = _v36 ^ 0xf1d9c77b;
				_v80 = 0xc31b4e;
				_v80 = _v80 ^ 0xd2ac5232;
				_t386 = 0x43;
				_v80 = _v80 / _t386;
				_v80 = _v80 ^ 0x03298e6e;
				_v124 = 0x46c8cc;
				_v124 = _v124 << 8;
				_v124 = _v124 >> 5;
				_v124 = _v124 << 7;
				_v124 = _v124 ^ 0x1b2fd4b6;
				_v132 = 0x745205;
				_v132 = _v132 ^ 0x1862e0ae;
				_v132 = _v132 << 5;
				_v132 = _v132 >> 6;
				_v132 = _v132 ^ 0x0007d289;
				_v20 = 0x713f0f;
				_v20 = _v20 ^ 0x61c76558;
				_v20 = _v20 ^ 0x61bb476a;
				_v48 = 0x3998c0;
				_v48 = _v48 | 0xd3555304;
				_v48 = _v48 ^ 0xd37b9815;
				_v160 = 0xe5ad6c;
				_v160 = _v160 * 0x3a;
				_v160 = _v160 | 0x660736ab;
				_v160 = _v160 << 0xd;
				_v160 = _v160 ^ 0xefd0e6e0;
				_v60 = 0x9fc9f5;
				_v60 = _v60 >> 7;
				_v60 = _v60 ^ 0x000a96ad;
				_v16 = 0xa888b5;
				_v16 = _v16 << 0xb;
				_v16 = _v16 ^ 0x4445c6cc;
				_v104 = 0xee35af;
				_v104 = _v104 ^ 0xea83652e;
				_v104 = _v104 << 3;
				_v104 = _v104 ^ 0x536d6a1f;
				_v12 = 0x6066b2;
				_v12 = _v12 + 0xb1d6;
				_v12 = _v12 ^ 0x00605003;
				_v40 = 0x2dba20;
				_v40 = _v40 * 0x73;
				_v40 = _v40 ^ 0x1485b41c;
				_v136 = 0xfcb12d;
				_v136 = _v136 << 1;
				_v136 = _v136 + 0xaead;
				_v136 = _v136 + 0xffffaecb;
				_v136 = _v136 ^ 0x01ffed69;
				_v24 = 0x751c6a;
				_t387 = 0x7d;
				_v24 = _v24 / _t387;
				_v24 = _v24 ^ 0x0002b143;
				_v68 = 0x69a6e2;
				_v68 = _v68 + 0xaa03;
				_v68 = _v68 ^ 0x73662bb1;
				_v68 = _v68 ^ 0x730f0150;
				_v100 = 0xcb496d;
				_v100 = _v100 >> 1;
				_v100 = _v100 >> 0xf;
				_v100 = _v100 ^ 0x0008f604;
				_v56 = 0x2cd04e;
				_v56 = _v56 << 3;
				_v56 = _v56 ^ 0x0162f7e8;
				_v32 = 0xb2ca4d;
				_v32 = _v32 + 0x32b9;
				_v32 = _v32 ^ 0x00b4bcfb;
				_v64 = 0x655992;
				_v64 = _v64 >> 5;
				_v64 = _v64 | 0x6342cf71;
				_v64 = _v64 ^ 0x634627b6;
				_v116 = 0x833545;
				_v116 = _v116 * 0x75;
				_v116 = _v116 + 0xeb9e;
				_v116 = _v116 * 0x6f;
				_v116 = _v116 ^ 0x00ae15cd;
				while(1) {
					L1:
					_t364 = 0x917a7c8;
					do {
						if(_t379 == 0x771143) {
							_t379 = 0x6e440a7;
							goto L9;
						} else {
							if(_t379 == 0x1a710aa) {
								E02BBF7FE(_v64, _v8, _v116, _v72);
							} else {
								if(_t379 == 0x6e440a7) {
									_push(_v92);
									_push(_v76);
									_push(_v108);
									_t367 = E02BCE1F8(0x2bb14c8, _v120, __eflags);
									_push(_v112);
									_push(_v96);
									_push(_v52);
									__eflags = E02BB738A(_v156, _t367, _v164, _v44,  &_v8, E02BCE1F8(0x2bb1318, _v144, __eflags), _v128) - _v148;
									_t379 =  ==  ? 0x917a7c8 : 0x14ee4a5;
									E02BCFECB(_t367, _v140, _v88, _v28, _v36);
									E02BCFECB(_t368, _v80, _v124, _v132, _v20);
									_t425 = _v4;
									_t430 =  &(_t430[0x11]);
									_t364 = 0x917a7c8;
									goto L9;
								} else {
									_t436 = _t379 - _t364;
									if(_t379 != _t364) {
										goto L9;
									} else {
										_push(_v16);
										_push(_v60);
										_push(_v160);
										_t375 = E02BCE1F8(0x2bb1368, _v48, _t436);
										_t420 =  *0x2bd6224; // 0x0
										E02BBBC32( *((intOrPtr*)(_t425 + 4)), _t420 + 0x48, _v152, _v104, _v12, _t375,  *_t425, _v40, _v136, _v8, 0x2bb1368, _v24);
										_t379 = 0x1a710aa;
										_t429 =  ==  ? 1 : _t429;
										E02BCFECB(_t375, _v68, _v100, _v56, _v32);
										_t430 =  &(_t430[0x10]);
										goto L1;
									}
								}
							}
						}
						L12:
						return _t429;
						L9:
						__eflags = _t379 - 0x14ee4a5;
					} while (__eflags != 0);
					goto L12;
				}
			}


























































                                                                                                          0x02bc8fae
                                                                                                          0x02bc8fb4
                                                                                                          0x02bc8fbe
                                                                                                          0x02bc8fc6
                                                                                                          0x02bc8fce
                                                                                                          0x02bc8fd6
                                                                                                          0x02bc8fe6
                                                                                                          0x02bc8fe8
                                                                                                          0x02bc8fec
                                                                                                          0x02bc8fef
                                                                                                          0x02bc8ff6
                                                                                                          0x02bc8ffb
                                                                                                          0x02bc9004
                                                                                                          0x02bc9008
                                                                                                          0x02bc9010
                                                                                                          0x02bc9018
                                                                                                          0x02bc9025
                                                                                                          0x02bc9029
                                                                                                          0x02bc9031
                                                                                                          0x02bc9039
                                                                                                          0x02bc9041
                                                                                                          0x02bc9049
                                                                                                          0x02bc904e
                                                                                                          0x02bc9056
                                                                                                          0x02bc905e
                                                                                                          0x02bc9066
                                                                                                          0x02bc906b
                                                                                                          0x02bc9073
                                                                                                          0x02bc907b
                                                                                                          0x02bc9083
                                                                                                          0x02bc908b
                                                                                                          0x02bc9093
                                                                                                          0x02bc909b
                                                                                                          0x02bc90a3
                                                                                                          0x02bc90ab
                                                                                                          0x02bc90b3
                                                                                                          0x02bc90bb
                                                                                                          0x02bc90c3
                                                                                                          0x02bc90cb
                                                                                                          0x02bc90d0
                                                                                                          0x02bc90d8
                                                                                                          0x02bc90e0
                                                                                                          0x02bc90e8
                                                                                                          0x02bc90f0
                                                                                                          0x02bc90f8
                                                                                                          0x02bc9100
                                                                                                          0x02bc9105
                                                                                                          0x02bc910d
                                                                                                          0x02bc9115
                                                                                                          0x02bc911d
                                                                                                          0x02bc9128
                                                                                                          0x02bc9130
                                                                                                          0x02bc913b
                                                                                                          0x02bc9143
                                                                                                          0x02bc914b
                                                                                                          0x02bc9153
                                                                                                          0x02bc915b
                                                                                                          0x02bc9168
                                                                                                          0x02bc916c
                                                                                                          0x02bc9171
                                                                                                          0x02bc9179
                                                                                                          0x02bc9181
                                                                                                          0x02bc9189
                                                                                                          0x02bc918e
                                                                                                          0x02bc9196
                                                                                                          0x02bc919e
                                                                                                          0x02bc91a6
                                                                                                          0x02bc91ab
                                                                                                          0x02bc91b8
                                                                                                          0x02bc91bc
                                                                                                          0x02bc91c4
                                                                                                          0x02bc91ce
                                                                                                          0x02bc91d4
                                                                                                          0x02bc91d9
                                                                                                          0x02bc91df
                                                                                                          0x02bc91e7
                                                                                                          0x02bc91ef
                                                                                                          0x02bc91f7
                                                                                                          0x02bc91ff
                                                                                                          0x02bc920b
                                                                                                          0x02bc9210
                                                                                                          0x02bc921a
                                                                                                          0x02bc921f
                                                                                                          0x02bc9225
                                                                                                          0x02bc922d
                                                                                                          0x02bc9235
                                                                                                          0x02bc923d
                                                                                                          0x02bc9242
                                                                                                          0x02bc924a
                                                                                                          0x02bc9255
                                                                                                          0x02bc9260
                                                                                                          0x02bc926b
                                                                                                          0x02bc9276
                                                                                                          0x02bc9281
                                                                                                          0x02bc928c
                                                                                                          0x02bc9294
                                                                                                          0x02bc92a0
                                                                                                          0x02bc92a3
                                                                                                          0x02bc92a7
                                                                                                          0x02bc92af
                                                                                                          0x02bc92b7
                                                                                                          0x02bc92bc
                                                                                                          0x02bc92c1
                                                                                                          0x02bc92c6
                                                                                                          0x02bc92ce
                                                                                                          0x02bc92d6
                                                                                                          0x02bc92de
                                                                                                          0x02bc92e3
                                                                                                          0x02bc92e8
                                                                                                          0x02bc92f0
                                                                                                          0x02bc92fb
                                                                                                          0x02bc9306
                                                                                                          0x02bc9311
                                                                                                          0x02bc931c
                                                                                                          0x02bc9327
                                                                                                          0x02bc9332
                                                                                                          0x02bc933f
                                                                                                          0x02bc9343
                                                                                                          0x02bc934b
                                                                                                          0x02bc9350
                                                                                                          0x02bc9358
                                                                                                          0x02bc9360
                                                                                                          0x02bc9365
                                                                                                          0x02bc936d
                                                                                                          0x02bc9378
                                                                                                          0x02bc9380
                                                                                                          0x02bc938b
                                                                                                          0x02bc9393
                                                                                                          0x02bc939b
                                                                                                          0x02bc93a0
                                                                                                          0x02bc93a8
                                                                                                          0x02bc93b3
                                                                                                          0x02bc93be
                                                                                                          0x02bc93c9
                                                                                                          0x02bc93dc
                                                                                                          0x02bc93e5
                                                                                                          0x02bc93f0
                                                                                                          0x02bc93f8
                                                                                                          0x02bc93fc
                                                                                                          0x02bc9404
                                                                                                          0x02bc940c
                                                                                                          0x02bc9414
                                                                                                          0x02bc9428
                                                                                                          0x02bc942b
                                                                                                          0x02bc9432
                                                                                                          0x02bc943d
                                                                                                          0x02bc9445
                                                                                                          0x02bc944d
                                                                                                          0x02bc9455
                                                                                                          0x02bc945d
                                                                                                          0x02bc9465
                                                                                                          0x02bc9469
                                                                                                          0x02bc946e
                                                                                                          0x02bc9476
                                                                                                          0x02bc947e
                                                                                                          0x02bc9483
                                                                                                          0x02bc948b
                                                                                                          0x02bc9496
                                                                                                          0x02bc94a1
                                                                                                          0x02bc94ac
                                                                                                          0x02bc94b4
                                                                                                          0x02bc94b9
                                                                                                          0x02bc94c1
                                                                                                          0x02bc94c9
                                                                                                          0x02bc94d6
                                                                                                          0x02bc94da
                                                                                                          0x02bc94e7
                                                                                                          0x02bc94eb
                                                                                                          0x02bc94f3
                                                                                                          0x02bc94f3
                                                                                                          0x02bc94f3
                                                                                                          0x02bc94f8
                                                                                                          0x02bc94fe
                                                                                                          0x02bc9688
                                                                                                          0x00000000
                                                                                                          0x02bc9504
                                                                                                          0x02bc950a
                                                                                                          0x02bc96ae
                                                                                                          0x02bc9510
                                                                                                          0x02bc9516
                                                                                                          0x02bc95c7
                                                                                                          0x02bc95d0
                                                                                                          0x02bc95d4
                                                                                                          0x02bc95dc
                                                                                                          0x02bc95e1
                                                                                                          0x02bc95ec
                                                                                                          0x02bc95f0
                                                                                                          0x02bc9630
                                                                                                          0x02bc9647
                                                                                                          0x02bc9655
                                                                                                          0x02bc9672
                                                                                                          0x02bc9677
                                                                                                          0x02bc967e
                                                                                                          0x02bc9681
                                                                                                          0x00000000
                                                                                                          0x02bc951c
                                                                                                          0x02bc951c
                                                                                                          0x02bc951e
                                                                                                          0x00000000
                                                                                                          0x02bc9524
                                                                                                          0x02bc9524
                                                                                                          0x02bc9530
                                                                                                          0x02bc9534
                                                                                                          0x02bc953f
                                                                                                          0x02bc9575
                                                                                                          0x02bc9581
                                                                                                          0x02bc959b
                                                                                                          0x02bc95a7
                                                                                                          0x02bc95ba
                                                                                                          0x02bc95bf
                                                                                                          0x00000000
                                                                                                          0x02bc95bf
                                                                                                          0x02bc951e
                                                                                                          0x02bc9516
                                                                                                          0x02bc950a
                                                                                                          0x02bc96b7
                                                                                                          0x02bc96c1
                                                                                                          0x02bc968d
                                                                                                          0x02bc968d
                                                                                                          0x02bc968d
                                                                                                          0x00000000
                                                                                                          0x02bc9699

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: <S$tU$zPB
                                                                                                          • API String ID: 0-3909742637
                                                                                                          • Opcode ID: 7d685c85e760d3ac096127e9ca39ccd45fa538ba7a3bf764a389f475ade21897
                                                                                                          • Instruction ID: c13e0ecfde12fe8ee7bbb5f82f31523527d52c6578cf94f4224ed5a11223b2e4
                                                                                                          • Opcode Fuzzy Hash: 7d685c85e760d3ac096127e9ca39ccd45fa538ba7a3bf764a389f475ade21897
                                                                                                          • Instruction Fuzzy Hash: D1F10E715083809FD368CF21C58AA5BBBF2FBC5748F10891DE5EA86260D7B18919CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC9DF5, Relevance: 4.0, Strings: 3, Instructions: 223COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02BC9DF5(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v128;
				char _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				unsigned int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				void* _t196;
				void* _t219;
				char _t222;
				void* _t227;
				char* _t235;
				void* _t259;
				signed int _t260;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int* _t272;

				_push(_a12);
				_t259 = __ecx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t196);
				_v164 = 0xe41f8c;
				_t272 =  &(( &_v208)[5]);
				_v164 = _v164 << 0x10;
				_t227 = 0xb5c0777;
				_t260 = 0x69;
				_v164 = _v164 * 0x11;
				_v164 = _v164 ^ 0x18467706;
				_v180 = 0xeb334b;
				_v180 = _v180 ^ 0xb42ec71e;
				_v180 = _v180 << 0xf;
				_v180 = _v180 ^ 0xfa2f170d;
				_v204 = 0x9173d0;
				_v204 = _v204 / _t260;
				_v204 = _v204 + 0xc6b3;
				_t261 = 0x22;
				_v204 = _v204 / _t261;
				_v204 = _v204 ^ 0x000ee5cc;
				_v176 = 0x7c8d5;
				_v176 = _v176 | 0x723fe192;
				_v176 = _v176 + 0x4897;
				_v176 = _v176 ^ 0x724c9210;
				_v184 = 0xa283a5;
				_v184 = _v184 >> 0xd;
				_v184 = _v184 >> 9;
				_v184 = _v184 ^ 0x00039d39;
				_v172 = 0xfcf8f5;
				_t262 = 0x68;
				_v172 = _v172 / _t262;
				_t263 = 0x12;
				_v172 = _v172 / _t263;
				_v172 = _v172 ^ 0x0008ec4c;
				_v196 = 0x6ce5d4;
				_v196 = _v196 + 0x3b25;
				_v196 = _v196 ^ 0x77f3da3b;
				_v196 = _v196 + 0xa9d5;
				_v196 = _v196 ^ 0x779af0ad;
				_v156 = 0x25f26f;
				_t264 = 0x4f;
				_v156 = _v156 / _t264;
				_v156 = _v156 ^ 0x000ca3cb;
				_v188 = 0x55ff28;
				_t265 = 7;
				_v188 = _v188 / _t265;
				_t266 = 0x50;
				_v188 = _v188 / _t266;
				_v188 = _v188 ^ 0x000cd773;
				_v148 = 0x9faf35;
				_v148 = _v148 >> 0xb;
				_v148 = _v148 ^ 0x00041a0d;
				_v144 = 0xb9aa79;
				_v144 = _v144 + 0xffff300b;
				_v144 = _v144 ^ 0x00b65e72;
				_v152 = 0xe2e022;
				_v152 = _v152 << 0xa;
				_v152 = _v152 ^ 0x8b87efd2;
				_v140 = 0x6f845f;
				_v140 = _v140 ^ 0xc6ebfb93;
				_v140 = _v140 ^ 0xc684fc76;
				_v208 = 0x15bd2c;
				_v208 = _v208 + 0xca24;
				_v208 = _v208 + 0xaf45;
				_v208 = _v208 >> 5;
				_v208 = _v208 ^ 0x000727e8;
				_v136 = 0x982476;
				_v136 = _v136 | 0xd92aa943;
				_v136 = _v136 ^ 0xd9b01548;
				_v160 = 0x20104f;
				_v160 = _v160 ^ 0xef20d220;
				_t267 = 0x2e;
				_v160 = _v160 * 0x21;
				_v160 = _v160 ^ 0xcf1410de;
				_v168 = 0x2e9b6b;
				_v168 = _v168 + 0xffff5c1c;
				_v168 = _v168 * 0x26;
				_v168 = _v168 ^ 0x06dc91dd;
				_v192 = 0xd01025;
				_v192 = _v192 | 0x8f03462b;
				_v192 = _v192 + 0xffffdaa2;
				_v192 = _v192 << 2;
				_v192 = _v192 ^ 0x3f4450ba;
				_v200 = 0xfd9656;
				_v200 = _v200 | 0x00ba0155;
				_v200 = _v200 / _t267;
				_t268 = 0x6a;
				_v200 = _v200 / _t268;
				_v200 = _v200 ^ 0x00073cbf;
				while(_t227 != 0x9fc41a2) {
					if(_t227 == 0xa1171ea) {
						_v132 = 0x80;
						_t222 = E02BC96C2(_v164, _v180, _v204, _v176,  &_v128,  &_v132);
						_t272 =  &(_t272[4]);
						_t227 = 0xabd7dae;
						continue;
					} else {
						if(_t227 == 0xabd7dae) {
							__eflags = _v128;
							_t235 =  &_v128;
							while(__eflags != 0) {
								_t222 =  *_t235;
								__eflags = _t222 - 0x30;
								if(_t222 < 0x30) {
									L9:
									__eflags = _t222 - 0x61;
									if(_t222 < 0x61) {
										L11:
										__eflags = _t222 - 0x41;
										if(_t222 < 0x41) {
											L13:
											 *_t235 = 0x58;
										} else {
											__eflags = _t222 - 0x5a;
											if(_t222 > 0x5a) {
												goto L13;
											}
										}
									} else {
										__eflags = _t222 - 0x7a;
										if(_t222 > 0x7a) {
											goto L11;
										}
									}
								} else {
									__eflags = _t222 - 0x39;
									if(_t222 > 0x39) {
										goto L9;
									}
								}
								_t235 = _t235 + 1;
								__eflags =  *_t235;
							}
							_t227 = 0x9fc41a2;
							continue;
						} else {
							if(_t227 == 0xb5c0777) {
								_t227 = 0xa1171ea;
								continue;
							}
						}
					}
					L18:
					__eflags = _t227 - 0x108096a;
					if(__eflags != 0) {
						continue;
					}
					return _t222;
				}
				_push(_v156);
				_push(_v196);
				_push(0x2bb119c);
				_t219 = E02BC4244(_v184, _v172, __eflags);
				E02BD0A1A(E02BC5515(__eflags), __eflags, _t219, _v152,  &_v128, _v188, _t259, _v140, _v208, _v136);
				_t222 = E02BCFECB(_t219, _v160, _v168, _v192, _v200);
				_t272 =  &(_t272[0xe]);
				_t227 = 0x108096a;
				goto L18;
			}








































                                                                                                          0x02bc9dff
                                                                                                          0x02bc9e06
                                                                                                          0x02bc9e08
                                                                                                          0x02bc9e0f
                                                                                                          0x02bc9e16
                                                                                                          0x02bc9e17
                                                                                                          0x02bc9e18
                                                                                                          0x02bc9e1d
                                                                                                          0x02bc9e25
                                                                                                          0x02bc9e28
                                                                                                          0x02bc9e34
                                                                                                          0x02bc9e3b
                                                                                                          0x02bc9e3e
                                                                                                          0x02bc9e42
                                                                                                          0x02bc9e4a
                                                                                                          0x02bc9e52
                                                                                                          0x02bc9e5a
                                                                                                          0x02bc9e5f
                                                                                                          0x02bc9e67
                                                                                                          0x02bc9e77
                                                                                                          0x02bc9e7b
                                                                                                          0x02bc9e87
                                                                                                          0x02bc9e8c
                                                                                                          0x02bc9e92
                                                                                                          0x02bc9e9a
                                                                                                          0x02bc9ea2
                                                                                                          0x02bc9eaa
                                                                                                          0x02bc9eb2
                                                                                                          0x02bc9eba
                                                                                                          0x02bc9ec2
                                                                                                          0x02bc9ec7
                                                                                                          0x02bc9ecc
                                                                                                          0x02bc9ed4
                                                                                                          0x02bc9ee0
                                                                                                          0x02bc9ee5
                                                                                                          0x02bc9eef
                                                                                                          0x02bc9ef4
                                                                                                          0x02bc9efa
                                                                                                          0x02bc9f02
                                                                                                          0x02bc9f0a
                                                                                                          0x02bc9f12
                                                                                                          0x02bc9f1a
                                                                                                          0x02bc9f22
                                                                                                          0x02bc9f2a
                                                                                                          0x02bc9f36
                                                                                                          0x02bc9f3b
                                                                                                          0x02bc9f41
                                                                                                          0x02bc9f49
                                                                                                          0x02bc9f55
                                                                                                          0x02bc9f5a
                                                                                                          0x02bc9f64
                                                                                                          0x02bc9f69
                                                                                                          0x02bc9f6f
                                                                                                          0x02bc9f7c
                                                                                                          0x02bc9f89
                                                                                                          0x02bc9f8e
                                                                                                          0x02bc9f96
                                                                                                          0x02bc9f9e
                                                                                                          0x02bc9fa6
                                                                                                          0x02bc9fae
                                                                                                          0x02bc9fb6
                                                                                                          0x02bc9fbb
                                                                                                          0x02bc9fc3
                                                                                                          0x02bc9fcb
                                                                                                          0x02bc9fd3
                                                                                                          0x02bc9fdb
                                                                                                          0x02bc9fe3
                                                                                                          0x02bc9feb
                                                                                                          0x02bc9ff3
                                                                                                          0x02bc9ff8
                                                                                                          0x02bca000
                                                                                                          0x02bca008
                                                                                                          0x02bca010
                                                                                                          0x02bca018
                                                                                                          0x02bca020
                                                                                                          0x02bca02d
                                                                                                          0x02bca030
                                                                                                          0x02bca034
                                                                                                          0x02bca03c
                                                                                                          0x02bca044
                                                                                                          0x02bca051
                                                                                                          0x02bca055
                                                                                                          0x02bca05d
                                                                                                          0x02bca065
                                                                                                          0x02bca06d
                                                                                                          0x02bca075
                                                                                                          0x02bca07a
                                                                                                          0x02bca082
                                                                                                          0x02bca08a
                                                                                                          0x02bca09a
                                                                                                          0x02bca0a2
                                                                                                          0x02bca0a5
                                                                                                          0x02bca0a9
                                                                                                          0x02bca0b1
                                                                                                          0x02bca0bb
                                                                                                          0x02bca10b
                                                                                                          0x02bca129
                                                                                                          0x02bca12e
                                                                                                          0x02bca131
                                                                                                          0x00000000
                                                                                                          0x02bca0bd
                                                                                                          0x02bca0c3
                                                                                                          0x02bca0d5
                                                                                                          0x02bca0da
                                                                                                          0x02bca0de
                                                                                                          0x02bca0e0
                                                                                                          0x02bca0e2
                                                                                                          0x02bca0e4
                                                                                                          0x02bca0ea
                                                                                                          0x02bca0ea
                                                                                                          0x02bca0ec
                                                                                                          0x02bca0f2
                                                                                                          0x02bca0f2
                                                                                                          0x02bca0f4
                                                                                                          0x02bca0fa
                                                                                                          0x02bca0fa
                                                                                                          0x02bca0f6
                                                                                                          0x02bca0f6
                                                                                                          0x02bca0f8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bca0f8
                                                                                                          0x02bca0ee
                                                                                                          0x02bca0ee
                                                                                                          0x02bca0f0
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bca0f0
                                                                                                          0x02bca0e6
                                                                                                          0x02bca0e6
                                                                                                          0x02bca0e8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bca0e8
                                                                                                          0x02bca0fd
                                                                                                          0x02bca0fe
                                                                                                          0x02bca0fe
                                                                                                          0x02bca103
                                                                                                          0x00000000
                                                                                                          0x02bca0c5
                                                                                                          0x02bca0cb
                                                                                                          0x02bca0d1
                                                                                                          0x00000000
                                                                                                          0x02bca0d1
                                                                                                          0x02bca0cb
                                                                                                          0x02bca0c3
                                                                                                          0x02bca1a9
                                                                                                          0x02bca1a9
                                                                                                          0x02bca1af
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bca1bf
                                                                                                          0x02bca1bf
                                                                                                          0x02bca13b
                                                                                                          0x02bca13f
                                                                                                          0x02bca14b
                                                                                                          0x02bca150
                                                                                                          0x02bca185
                                                                                                          0x02bca19c
                                                                                                          0x02bca1a1
                                                                                                          0x02bca1a4
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: "$%;$K3
                                                                                                          • API String ID: 0-3594330084
                                                                                                          • Opcode ID: 3a2fb3da52b844046f960e797f86af5645e77cb957051d3cd281f4c101468da9
                                                                                                          • Instruction ID: c76bf87d81510e23af0df76743396e00270f694b21d7a808c74d47de30fc7689
                                                                                                          • Opcode Fuzzy Hash: 3a2fb3da52b844046f960e797f86af5645e77cb957051d3cd281f4c101468da9
                                                                                                          • Instruction Fuzzy Hash: 62A173721083849FD354DF66C98995BBBE2FBC9768F10895DF0C59A220D3B58949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBA445, Relevance: 4.0, Strings: 3, Instructions: 213COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02BBA445() {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				void* _t198;
				signed int _t201;
				signed int _t203;
				void* _t206;
				void* _t220;
				void* _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				intOrPtr _t229;
				intOrPtr* _t230;
				signed int _t231;
				signed int* _t232;

				_t232 =  &_v84;
				_v16 = 0x845726;
				_v16 = _v16 << 7;
				_t206 = 0xba97f4f;
				_v16 = _v16 ^ 0x422a9300;
				_v76 = 0xf633ca;
				_v76 = _v76 + 0xffff7f31;
				_v76 = _v76 << 6;
				_v76 = _v76 | 0x2929f239;
				_v76 = _v76 ^ 0x3d62fec6;
				_v20 = 0xcffe1c;
				_v20 = _v20 ^ 0x03d09261;
				_v20 = _v20 ^ 0x03162068;
				_v24 = 0xa4ea56;
				_v24 = _v24 + 0xffff4c41;
				_v24 = _v24 ^ 0x00afa4b9;
				_v40 = 0x50bd11;
				_v40 = _v40 + 0xffffa7ab;
				_v40 = _v40 * 0x3f;
				_t225 = 0;
				_v40 = _v40 ^ 0x13cebba3;
				_v60 = 0x50c08b;
				_v60 = _v60 ^ 0xc2cf2608;
				_v60 = _v60 << 4;
				_t226 = 0x56;
				_v60 = _v60 / _t226;
				_v60 = _v60 ^ 0x0073141c;
				_v64 = 0xa37df4;
				_v64 = _v64 + 0xffffdd88;
				_v64 = _v64 + 0xe629;
				_v64 = _v64 << 3;
				_v64 = _v64 ^ 0x0527d1d9;
				_v68 = 0x27b9fb;
				_t227 = 0x58;
				_v68 = _v68 / _t227;
				_v68 = _v68 * 0x63;
				_v68 = _v68 * 0x3d;
				_v68 = _v68 ^ 0x0aa4ff90;
				_v72 = 0x604a05;
				_v72 = _v72 | 0x3301bbe0;
				_v72 = _v72 + 0xf4ce;
				_v72 = _v72 + 0xffff6149;
				_v72 = _v72 ^ 0x336b10da;
				_v52 = 0x457d04;
				_v52 = _v52 * 0x45;
				_v52 = _v52 | 0xd82309ca;
				_v52 = _v52 + 0xff64;
				_v52 = _v52 ^ 0xdab2f2cc;
				_v8 = 0x71eccb;
				_v8 = _v8 >> 3;
				_v8 = _v8 ^ 0x000a626b;
				_v12 = 0x94a0c6;
				_v12 = _v12 + 0xffffb2fd;
				_v12 = _v12 ^ 0x009145d9;
				_v56 = 0xdce517;
				_v56 = _v56 >> 1;
				_v56 = _v56 | 0xebc149ed;
				_v56 = _v56 + 0xffff7372;
				_v56 = _v56 ^ 0xebe5f8bb;
				_v44 = 0x6f3a42;
				_v44 = _v44 ^ 0x930a70ca;
				_v44 = _v44 ^ 0x072310e6;
				_v44 = _v44 ^ 0x944572d0;
				_v28 = 0xde598c;
				_v28 = _v28 + 0xffffb8ee;
				_v28 = _v28 ^ 0x00dc27c3;
				_v80 = 0x428d3e;
				_v80 = _v80 * 0x44;
				_v80 = _v80 + 0x7fb1;
				_v80 = _v80 ^ 0x009e7bae;
				_v80 = _v80 ^ 0x11330260;
				_v84 = 0x321edf;
				_v84 = _v84 | 0x009a6787;
				_v84 = _v84 ^ 0xc86f44a5;
				_v84 = _v84 ^ 0xbb12ab62;
				_v84 = _v84 ^ 0x73cf70d9;
				_v48 = 0x740eb7;
				_v48 = _v48 * 0x2b;
				_v48 = _v48 * 0x4f;
				_v48 = _v48 + 0xb6e6;
				_v48 = _v48 ^ 0x040daff3;
				_v32 = 0x3035f0;
				_v32 = _v32 ^ 0xe5f6800a;
				_v32 = _v32 << 1;
				_v32 = _v32 ^ 0xcb8c371c;
				_v36 = 0xd97c9c;
				_v36 = _v36 >> 3;
				_v36 = _v36 * 0x24;
				_v36 = _v36 ^ 0x03d4918e;
				_v4 = 0x2cfea0;
				_v4 = _v4 ^ 0xf57e16a0;
				_v4 = _v4 ^ 0xf550cd22;
				_t205 = _v4;
				_t231 = _v4;
				_t228 = _v4;
				while(1) {
					L1:
					_push(0x5c);
					while(1) {
						L2:
						_t198 = 0xd71e2f;
						do {
							L3:
							while(_t206 != _t198) {
								if(_t206 == 0x1e5f8bf) {
									_t201 = E02BBEE62(_v60, _t205, _v64, _v68, _v72, _v16, _t228);
									_t232 =  &(_t232[5]);
									_t231 = _t201;
									_t198 = 0xd71e2f;
									_t206 =  !=  ? 0xd71e2f : 0x6f129a6;
									_t220 = 0x5c;
									continue;
								} else {
									if(_t206 == 0x6f129a6) {
										E02BB3046(_v48, _v32, _v36, _t205, _v4);
									} else {
										if(_t206 == 0x960e40f) {
											_t203 = E02BCE8B6(_t206, _v20, _v24, _t206, _v76, _v40);
											_t205 = _t203;
											_t232 =  &(_t232[4]);
											if(_t203 != 0) {
												_t206 = 0x1e5f8bf;
												goto L1;
											}
										} else {
											if(_t206 == 0xba97f4f) {
												_t206 = 0xbab8332;
												continue;
											} else {
												if(_t206 == 0xbab8332) {
													_t229 =  *0x2bd6214; // 0x0
													_t230 = _t229 + 0x23c;
													while( *_t230 != _t220) {
														_t230 = _t230 + 2;
													}
													_t228 = _t230 + 2;
													_t206 = 0x960e40f;
													goto L2;
												} else {
													if(_t206 != 0xe557a67) {
														goto L20;
													} else {
														E02BB3046(_v44, _v28, _v80, _t231, _v84);
														_t232 =  &(_t232[3]);
														_t206 = 0x6f129a6;
														while(1) {
															L1:
															_push(0x5c);
															L2:
															_t198 = 0xd71e2f;
															goto L3;
														}
													}
												}
											}
										}
									}
								}
								L23:
								return _t225;
							}
							E02BB1E9B(_v52, _t231, _v8, _v12, _v56);
							_t232 =  &(_t232[3]);
							_t198 = 0xd71e2f;
							_t225 =  !=  ? 1 : _t225;
							_t206 = 0xe557a67;
							_t220 = 0x5c;
							L20:
						} while (_t206 != 0x6b89e3f);
						goto L23;
					}
				}
			}





































                                                                                                          0x02bba445
                                                                                                          0x02bba448
                                                                                                          0x02bba452
                                                                                                          0x02bba457
                                                                                                          0x02bba45c
                                                                                                          0x02bba464
                                                                                                          0x02bba46c
                                                                                                          0x02bba474
                                                                                                          0x02bba479
                                                                                                          0x02bba481
                                                                                                          0x02bba489
                                                                                                          0x02bba491
                                                                                                          0x02bba499
                                                                                                          0x02bba4a1
                                                                                                          0x02bba4a9
                                                                                                          0x02bba4b1
                                                                                                          0x02bba4b9
                                                                                                          0x02bba4c1
                                                                                                          0x02bba4d2
                                                                                                          0x02bba4d6
                                                                                                          0x02bba4d8
                                                                                                          0x02bba4e0
                                                                                                          0x02bba4e8
                                                                                                          0x02bba4f0
                                                                                                          0x02bba4fb
                                                                                                          0x02bba500
                                                                                                          0x02bba506
                                                                                                          0x02bba50e
                                                                                                          0x02bba516
                                                                                                          0x02bba51e
                                                                                                          0x02bba526
                                                                                                          0x02bba52b
                                                                                                          0x02bba533
                                                                                                          0x02bba53f
                                                                                                          0x02bba542
                                                                                                          0x02bba54b
                                                                                                          0x02bba554
                                                                                                          0x02bba558
                                                                                                          0x02bba560
                                                                                                          0x02bba568
                                                                                                          0x02bba570
                                                                                                          0x02bba578
                                                                                                          0x02bba580
                                                                                                          0x02bba588
                                                                                                          0x02bba595
                                                                                                          0x02bba599
                                                                                                          0x02bba5a1
                                                                                                          0x02bba5a9
                                                                                                          0x02bba5b1
                                                                                                          0x02bba5b9
                                                                                                          0x02bba5be
                                                                                                          0x02bba5c6
                                                                                                          0x02bba5ce
                                                                                                          0x02bba5d6
                                                                                                          0x02bba5de
                                                                                                          0x02bba5e6
                                                                                                          0x02bba5ea
                                                                                                          0x02bba5f2
                                                                                                          0x02bba5fa
                                                                                                          0x02bba602
                                                                                                          0x02bba60a
                                                                                                          0x02bba612
                                                                                                          0x02bba61a
                                                                                                          0x02bba622
                                                                                                          0x02bba62a
                                                                                                          0x02bba632
                                                                                                          0x02bba63a
                                                                                                          0x02bba647
                                                                                                          0x02bba64b
                                                                                                          0x02bba653
                                                                                                          0x02bba65b
                                                                                                          0x02bba663
                                                                                                          0x02bba66b
                                                                                                          0x02bba673
                                                                                                          0x02bba67b
                                                                                                          0x02bba683
                                                                                                          0x02bba68b
                                                                                                          0x02bba698
                                                                                                          0x02bba6a1
                                                                                                          0x02bba6a5
                                                                                                          0x02bba6ad
                                                                                                          0x02bba6b5
                                                                                                          0x02bba6bd
                                                                                                          0x02bba6c5
                                                                                                          0x02bba6c9
                                                                                                          0x02bba6d1
                                                                                                          0x02bba6d9
                                                                                                          0x02bba6e3
                                                                                                          0x02bba6e7
                                                                                                          0x02bba6ef
                                                                                                          0x02bba6f7
                                                                                                          0x02bba6ff
                                                                                                          0x02bba707
                                                                                                          0x02bba70b
                                                                                                          0x02bba70f
                                                                                                          0x02bba713
                                                                                                          0x02bba713
                                                                                                          0x02bba713
                                                                                                          0x02bba716
                                                                                                          0x02bba716
                                                                                                          0x02bba716
                                                                                                          0x02bba71b
                                                                                                          0x00000000
                                                                                                          0x02bba71b
                                                                                                          0x02bba729
                                                                                                          0x02bba7f0
                                                                                                          0x02bba7f5
                                                                                                          0x02bba7f8
                                                                                                          0x02bba801
                                                                                                          0x02bba806
                                                                                                          0x02bba80b
                                                                                                          0x00000000
                                                                                                          0x02bba72f
                                                                                                          0x02bba735
                                                                                                          0x02bba85f
                                                                                                          0x02bba73b
                                                                                                          0x02bba741
                                                                                                          0x02bba7bd
                                                                                                          0x02bba7c2
                                                                                                          0x02bba7c4
                                                                                                          0x02bba7c9
                                                                                                          0x02bba7cf
                                                                                                          0x00000000
                                                                                                          0x02bba7cf
                                                                                                          0x02bba743
                                                                                                          0x02bba749
                                                                                                          0x02bba7a2
                                                                                                          0x00000000
                                                                                                          0x02bba74b
                                                                                                          0x02bba751
                                                                                                          0x02bba77f
                                                                                                          0x02bba785
                                                                                                          0x02bba790
                                                                                                          0x02bba78d
                                                                                                          0x02bba78d
                                                                                                          0x02bba795
                                                                                                          0x02bba798
                                                                                                          0x00000000
                                                                                                          0x02bba753
                                                                                                          0x02bba759
                                                                                                          0x00000000
                                                                                                          0x02bba75f
                                                                                                          0x02bba770
                                                                                                          0x02bba775
                                                                                                          0x02bba778
                                                                                                          0x02bba713
                                                                                                          0x02bba713
                                                                                                          0x02bba713
                                                                                                          0x02bba716
                                                                                                          0x02bba716
                                                                                                          0x00000000
                                                                                                          0x02bba716
                                                                                                          0x02bba713
                                                                                                          0x02bba759
                                                                                                          0x02bba751
                                                                                                          0x02bba749
                                                                                                          0x02bba741
                                                                                                          0x02bba735
                                                                                                          0x02bba867
                                                                                                          0x02bba870
                                                                                                          0x02bba870
                                                                                                          0x02bba823
                                                                                                          0x02bba828
                                                                                                          0x02bba830
                                                                                                          0x02bba835
                                                                                                          0x02bba838
                                                                                                          0x02bba83f
                                                                                                          0x02bba840
                                                                                                          0x02bba840
                                                                                                          0x00000000
                                                                                                          0x02bba84c
                                                                                                          0x02bba716

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: )$B:o$kb
                                                                                                          • API String ID: 0-1085388577
                                                                                                          • Opcode ID: 0ff2cc0b330d68de76cec94b48ac0e1470906735d7d23e7b43bcc49217798426
                                                                                                          • Instruction ID: 2abd1e84790297a4155f6fcee8c94de7ee5ad6ca483497c27aa72dfe17c6efe0
                                                                                                          • Opcode Fuzzy Hash: 0ff2cc0b330d68de76cec94b48ac0e1470906735d7d23e7b43bcc49217798426
                                                                                                          • Instruction Fuzzy Hash: A8A120718083419FC799CF66C89942BBBF1FFC4748F009A2DF59A96260D7B18909CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCBEFD, Relevance: 4.0, Strings: 3, Instructions: 201COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02BCBEFD(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				char _v616;
				void* _t242;
				void* _t243;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				intOrPtr _t285;

				_v52 = 0xa5be;
				_t251 = 0x16;
				_v52 = _v52 / _t251;
				_v52 = _v52 >> 0xc;
				_v52 = _v52 ^ 0x0005c33b;
				_v48 = 0xc42d20;
				_v48 = _v48 >> 0xd;
				_v48 = _v48 + 0xffffc4d0;
				_v48 = _v48 ^ 0xfffeda29;
				_v72 = 0x4321a7;
				_v72 = _v72 | 0xa4ce3c40;
				_v72 = _v72 ^ 0xa4cab40f;
				_v24 = 0x227e38;
				_t25 =  &_v24; // 0x227e38
				_t252 = 0x2c;
				_v24 =  *_t25 * 0x3c;
				_t27 =  &_v24; // 0x227e38
				_v24 =  *_t27 * 0x66;
				_t29 =  &_v24; // 0x227e38
				_v24 =  *_t29 / _t252;
				_v24 = _v24 ^ 0x014a285a;
				_v60 = 0xfcfbbc;
				_v60 = _v60 >> 8;
				_v60 = _v60 ^ 0x000d93d1;
				_v96 = 0xf80007;
				_v96 = _v96 + 0xaa36;
				_v96 = _v96 ^ 0x00fda443;
				_v80 = 0x5511cc;
				_v80 = _v80 >> 6;
				_v80 = _v80 ^ 0x00043fa8;
				_v88 = 0xbb6e3f;
				_v88 = _v88 + 0xffffbcf0;
				_v88 = _v88 ^ 0x00b4c382;
				_v8 = 0x49da65;
				_v8 = _v8 >> 3;
				_v8 = _v8 >> 7;
				_v8 = _v8 >> 0xb;
				_v8 = _v8 ^ 0x0002f4aa;
				_v16 = 0xc843f1;
				_t253 = 0x50;
				_v16 = _v16 / _t253;
				_v16 = _v16 ^ 0x9e242cdc;
				_v16 = _v16 + 0xffff9a81;
				_v16 = _v16 ^ 0x9e230a73;
				_v36 = 0x2e6bc5;
				_v36 = _v36 | 0x2558a4e0;
				_v36 = _v36 + 0xfffff4e9;
				_v36 = _v36 ^ 0x257724e9;
				_v12 = 0x80a3b9;
				_t254 = 0x6f;
				_v12 = _v12 * 0x79;
				_v12 = _v12 + 0xffff3c67;
				_v12 = _v12 | 0xeef82a75;
				_v12 = _v12 ^ 0xfef88c24;
				_v68 = 0x7db499;
				_v68 = _v68 + 0xffff3f49;
				_v68 = _v68 ^ 0x007e0dc2;
				_v44 = 0x9f49e4;
				_v44 = _v44 << 0xd;
				_v44 = _v44 ^ 0x1368a87d;
				_v44 = _v44 ^ 0xfa51dcf6;
				_v64 = 0x98f463;
				_v64 = _v64 / _t254;
				_v64 = _v64 ^ 0x0008fd0c;
				_v76 = 0x12aedd;
				_v76 = _v76 + 0xf7e7;
				_v76 = _v76 ^ 0x001c1bc6;
				_v28 = 0x4e33bd;
				_t255 = 3;
				_v28 = _v28 / _t255;
				_t256 = 0x48;
				_v28 = _v28 / _t256;
				_t257 = 0x1b;
				_v28 = _v28 * 0x5d;
				_v28 = _v28 ^ 0x002c0e7b;
				_v20 = 0x6739f6;
				_v20 = _v20 * 0x51;
				_v20 = _v20 + 0x822b;
				_v20 = _v20 + 0xffff6302;
				_v20 = _v20 ^ 0x20a7052c;
				_v40 = 0xf776a1;
				_v40 = _v40 | 0xfaf9a8ad;
				_v40 = _v40 + 0xffffa6b3;
				_v40 = _v40 ^ 0xfaf95b8b;
				_v56 = 0xfd0dae;
				_v56 = _v56 / _t257;
				_t258 = 0x23;
				_v56 = _v56 / _t258;
				_v56 = _v56 ^ 0x000358d4;
				_v32 = 0xe62709;
				_v32 = _v32 + 0xffff3f09;
				_v32 = _v32 >> 8;
				_v32 = _v32 ^ 0x0009f673;
				_v92 = 0xdc059c;
				_v92 = _v92 << 4;
				_v92 = _v92 ^ 0x0dc87abe;
				_v84 = 0xab2272;
				_t259 = 0xb;
				_v84 = _v84 / _t259;
				_v84 = _v84 ^ 0x0001c613;
				_t285 =  *0x2bd6214; // 0x0
				_t242 = E02BC09DD(_v52, _t285 + 0x23c, _v48, _v72);
				_t293 = _a4 + 0x2c;
				_t243 = E02BD061D(_v24, _a4 + 0x2c, _t242, _v60, _v96);
				_t302 = _t243;
				if(_t243 != 0) {
					_push(_v16);
					_push(_v8);
					_push(_v88);
					E02BD2D0A(_v12, _t302, _t293, _v68, _v44, _v64, _a8,  &_v616,  *((intOrPtr*)(_a8 + 0x3c)), E02BCE1F8(0x2bb1000, _v80, _t302));
					E02BCFECB(_t246, _v76, _v28, _v20, _v40);
					E02BBD061( &_v616, _v56, _v32, _v92, _v84);
				}
				return 1;
			}







































                                                                                                          0x02bcbf06
                                                                                                          0x02bcbf15
                                                                                                          0x02bcbf1a
                                                                                                          0x02bcbf1f
                                                                                                          0x02bcbf23
                                                                                                          0x02bcbf2a
                                                                                                          0x02bcbf31
                                                                                                          0x02bcbf35
                                                                                                          0x02bcbf3c
                                                                                                          0x02bcbf43
                                                                                                          0x02bcbf4a
                                                                                                          0x02bcbf51
                                                                                                          0x02bcbf58
                                                                                                          0x02bcbf5f
                                                                                                          0x02bcbf63
                                                                                                          0x02bcbf66
                                                                                                          0x02bcbf69
                                                                                                          0x02bcbf6d
                                                                                                          0x02bcbf70
                                                                                                          0x02bcbf77
                                                                                                          0x02bcbf7a
                                                                                                          0x02bcbf81
                                                                                                          0x02bcbf88
                                                                                                          0x02bcbf8c
                                                                                                          0x02bcbf93
                                                                                                          0x02bcbf9a
                                                                                                          0x02bcbfa1
                                                                                                          0x02bcbfa8
                                                                                                          0x02bcbfaf
                                                                                                          0x02bcbfb3
                                                                                                          0x02bcbfba
                                                                                                          0x02bcbfc1
                                                                                                          0x02bcbfc8
                                                                                                          0x02bcbfcf
                                                                                                          0x02bcbfd6
                                                                                                          0x02bcbfda
                                                                                                          0x02bcbfde
                                                                                                          0x02bcbfe2
                                                                                                          0x02bcbfe9
                                                                                                          0x02bcbff3
                                                                                                          0x02bcbff8
                                                                                                          0x02bcbffd
                                                                                                          0x02bcc004
                                                                                                          0x02bcc00b
                                                                                                          0x02bcc012
                                                                                                          0x02bcc019
                                                                                                          0x02bcc020
                                                                                                          0x02bcc027
                                                                                                          0x02bcc02e
                                                                                                          0x02bcc039
                                                                                                          0x02bcc03a
                                                                                                          0x02bcc03d
                                                                                                          0x02bcc044
                                                                                                          0x02bcc04b
                                                                                                          0x02bcc052
                                                                                                          0x02bcc059
                                                                                                          0x02bcc060
                                                                                                          0x02bcc067
                                                                                                          0x02bcc06e
                                                                                                          0x02bcc072
                                                                                                          0x02bcc079
                                                                                                          0x02bcc080
                                                                                                          0x02bcc08c
                                                                                                          0x02bcc08f
                                                                                                          0x02bcc096
                                                                                                          0x02bcc09f
                                                                                                          0x02bcc0a6
                                                                                                          0x02bcc0ad
                                                                                                          0x02bcc0b9
                                                                                                          0x02bcc0be
                                                                                                          0x02bcc0c6
                                                                                                          0x02bcc0cb
                                                                                                          0x02bcc0d4
                                                                                                          0x02bcc0d7
                                                                                                          0x02bcc0da
                                                                                                          0x02bcc0e1
                                                                                                          0x02bcc0ec
                                                                                                          0x02bcc0ef
                                                                                                          0x02bcc0f6
                                                                                                          0x02bcc0fd
                                                                                                          0x02bcc104
                                                                                                          0x02bcc10b
                                                                                                          0x02bcc112
                                                                                                          0x02bcc119
                                                                                                          0x02bcc120
                                                                                                          0x02bcc12e
                                                                                                          0x02bcc134
                                                                                                          0x02bcc139
                                                                                                          0x02bcc13e
                                                                                                          0x02bcc145
                                                                                                          0x02bcc14c
                                                                                                          0x02bcc153
                                                                                                          0x02bcc157
                                                                                                          0x02bcc15e
                                                                                                          0x02bcc165
                                                                                                          0x02bcc169
                                                                                                          0x02bcc170
                                                                                                          0x02bcc17a
                                                                                                          0x02bcc17d
                                                                                                          0x02bcc180
                                                                                                          0x02bcc18d
                                                                                                          0x02bcc19c
                                                                                                          0x02bcc1ad
                                                                                                          0x02bcc1b3
                                                                                                          0x02bcc1bb
                                                                                                          0x02bcc1bd
                                                                                                          0x02bcc1c0
                                                                                                          0x02bcc1c8
                                                                                                          0x02bcc1cb
                                                                                                          0x02bcc1fa
                                                                                                          0x02bcc20d
                                                                                                          0x02bcc224
                                                                                                          0x02bcc22c
                                                                                                          0x02bcc234

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: lstrcmpi
                                                                                                          • String ID: '$8~"$$w%
                                                                                                          • API String ID: 1586166983-1780403920
                                                                                                          • Opcode ID: 865b4352bd6a3b6007fdad557330adf626f76e94d4e46eb779c74bbdfc841a4d
                                                                                                          • Instruction ID: 7ba1a93258bacc8b06e6cb5e744c59c8c2a0f70c5a857f87c8bb399de0caf0f1
                                                                                                          • Opcode Fuzzy Hash: 865b4352bd6a3b6007fdad557330adf626f76e94d4e46eb779c74bbdfc841a4d
                                                                                                          • Instruction Fuzzy Hash: B7A12071D0020EEBDF18CFE5D98A9EEBBB2FB44314F208059E511BA264D7B41A56CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCD8DB, Relevance: 3.9, Strings: 3, Instructions: 157COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02BCD8DB(signed int __ecx, signed int* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				unsigned int _v76;
				signed int _v80;
				signed int _v84;
				unsigned int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				void* _t128;
				signed int _t142;
				signed int _t153;
				signed int _t155;
				signed int* _t163;
				void* _t164;
				signed int* _t167;

				_push(_a8);
				_t163 = __edx;
				_t153 = __ecx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t128);
				_v104 = 0xcf676c;
				_t167 =  &(( &_v116)[4]);
				_v104 = _v104 + 0xb3f2;
				_v104 = _v104 | 0x988d6f24;
				_t164 = 0x3ef4407;
				_v104 = _v104 << 0xf;
				_v104 = _v104 ^ 0xbfbf0000;
				_v68 = 0xc42241;
				_v68 = _v68 + 0x399a;
				_v68 = _v68 ^ 0x00ce5291;
				_v88 = 0x75dd03;
				_v88 = _v88 + 0x7dba;
				_v88 = _v88 >> 6;
				_v88 = _v88 ^ 0x0008d458;
				_v72 = 0x2f46be;
				_v72 = _v72 + 0xffffdb55;
				_v72 = _v72 ^ 0x002db90e;
				_v76 = 0x23e806;
				_v76 = _v76 >> 0x10;
				_v76 = _v76 ^ 0x000f8af6;
				_v116 = 0x607e6d;
				_v116 = _v116 << 0x10;
				_v116 = _v116 + 0xffff6686;
				_v116 = _v116 | 0x3d181bb2;
				_v116 = _v116 ^ 0x7f71bdaf;
				_v96 = 0x2cc21a;
				_v96 = _v96 | 0xe9438a5f;
				_t155 = 0x3a;
				_v96 = _v96 * 0x13;
				_v96 = _v96 ^ 0x5347ec85;
				_v108 = 0xb3af1a;
				_v108 = _v108 / _t155;
				_v108 = _v108 + 0x8361;
				_v108 = _v108 | 0x789ced77;
				_v108 = _v108 ^ 0x789572df;
				_v92 = 0x2d2920;
				_v92 = _v92 * 0x2c;
				_v92 = _v92 * 0x1e;
				_v92 = _v92 ^ 0xe8dd3266;
				_v80 = 0xc07fec;
				_v80 = _v80 << 9;
				_v80 = _v80 ^ 0x80fbd8c8;
				_v112 = 0xa84277;
				_v112 = _v112 + 0xffffed27;
				_v112 = _v112 * 0x1b;
				_v112 = _v112 * 0x2c;
				_v112 = _v112 ^ 0x0c742dd9;
				_v64 = 0x297b8a;
				_v64 = _v64 >> 0xf;
				_v64 = _v64 ^ 0x0005dd25;
				_v84 = 0x5c8db2;
				_v84 = _v84 + 0x6b9b;
				_v84 = _v84 + 0x3228;
				_v84 = _v84 ^ 0x0059c37f;
				_v100 = 0xb4d8ec;
				_v100 = _v100 << 1;
				_v100 = _v100 + 0xe9ba;
				_v100 = _v100 | 0x2516dceb;
				_v100 = _v100 ^ 0x257d75fc;
				do {
					while(_t164 != 0x3ef4407) {
						if(_t164 == 0x3f5e611) {
							_push(_t155);
							_push(_t155);
							_t142 = E02BBC5D8(_t163[1]);
							_t167 =  &(_t167[3]);
							 *_t163 = _t142;
							__eflags = _t142;
							if(__eflags != 0) {
								_t164 = 0xddf020d;
								continue;
							}
						} else {
							if(_t164 == 0x4994ece) {
								E02BCCAD5(_v64, _v84, __eflags, _v100, _t153 + 4,  &_v60);
							} else {
								if(_t164 == 0x4a51775) {
									_t155 = _t153;
									_t163[1] = E02BC6187(_t155);
									_t164 = 0x3f5e611;
									continue;
								} else {
									if(_t164 == 0x9d156cc) {
										_t155 = _v108;
										E02BC0A90(_t155, _v92, _v80,  &_v60, _v112,  *_t153);
										_t167 =  &(_t167[4]);
										_t164 = 0x4994ece;
										continue;
									} else {
										if(_t164 != 0xddf020d) {
											goto L13;
										} else {
											_t155 = _t163;
											E02BB22A6(_t155, _v116,  &_v60, _v96);
											_t167 =  &(_t167[2]);
											_t164 = 0x9d156cc;
											continue;
										}
									}
								}
							}
						}
						L16:
						__eflags =  *_t163;
						_t127 =  *_t163 != 0;
						__eflags = _t127;
						return 0 | _t127;
					}
					_t164 = 0x4a51775;
					 *_t163 =  *_t163 & 0x00000000;
					__eflags =  *_t163;
					_t163[1] = _v104;
					L13:
					__eflags = _t164 - 0xae42d9c;
				} while (__eflags != 0);
				goto L16;
			}

























                                                                                                          0x02bcd8e2
                                                                                                          0x02bcd8e9
                                                                                                          0x02bcd8eb
                                                                                                          0x02bcd8ed
                                                                                                          0x02bcd8f4
                                                                                                          0x02bcd8f5
                                                                                                          0x02bcd8f6
                                                                                                          0x02bcd8fb
                                                                                                          0x02bcd903
                                                                                                          0x02bcd906
                                                                                                          0x02bcd910
                                                                                                          0x02bcd918
                                                                                                          0x02bcd91d
                                                                                                          0x02bcd927
                                                                                                          0x02bcd92f
                                                                                                          0x02bcd937
                                                                                                          0x02bcd93f
                                                                                                          0x02bcd947
                                                                                                          0x02bcd94f
                                                                                                          0x02bcd957
                                                                                                          0x02bcd95c
                                                                                                          0x02bcd964
                                                                                                          0x02bcd96c
                                                                                                          0x02bcd974
                                                                                                          0x02bcd97c
                                                                                                          0x02bcd984
                                                                                                          0x02bcd989
                                                                                                          0x02bcd991
                                                                                                          0x02bcd999
                                                                                                          0x02bcd99e
                                                                                                          0x02bcd9a6
                                                                                                          0x02bcd9ae
                                                                                                          0x02bcd9b6
                                                                                                          0x02bcd9be
                                                                                                          0x02bcd9cd
                                                                                                          0x02bcd9ce
                                                                                                          0x02bcd9d2
                                                                                                          0x02bcd9da
                                                                                                          0x02bcd9e8
                                                                                                          0x02bcd9ec
                                                                                                          0x02bcd9f4
                                                                                                          0x02bcd9fc
                                                                                                          0x02bcda04
                                                                                                          0x02bcda11
                                                                                                          0x02bcda1a
                                                                                                          0x02bcda1e
                                                                                                          0x02bcda26
                                                                                                          0x02bcda2e
                                                                                                          0x02bcda33
                                                                                                          0x02bcda3b
                                                                                                          0x02bcda43
                                                                                                          0x02bcda50
                                                                                                          0x02bcda59
                                                                                                          0x02bcda5d
                                                                                                          0x02bcda65
                                                                                                          0x02bcda6d
                                                                                                          0x02bcda72
                                                                                                          0x02bcda7a
                                                                                                          0x02bcda82
                                                                                                          0x02bcda8a
                                                                                                          0x02bcda92
                                                                                                          0x02bcda9a
                                                                                                          0x02bcdaa2
                                                                                                          0x02bcdaa6
                                                                                                          0x02bcdaae
                                                                                                          0x02bcdab6
                                                                                                          0x02bcdabe
                                                                                                          0x02bcdabe
                                                                                                          0x02bcdad0
                                                                                                          0x02bcdb5e
                                                                                                          0x02bcdb5f
                                                                                                          0x02bcdb63
                                                                                                          0x02bcdb68
                                                                                                          0x02bcdb6b
                                                                                                          0x02bcdb6d
                                                                                                          0x02bcdb6f
                                                                                                          0x02bcdb71
                                                                                                          0x00000000
                                                                                                          0x02bcdb71
                                                                                                          0x02bcdad2
                                                                                                          0x02bcdad8
                                                                                                          0x02bcdbaa
                                                                                                          0x02bcdade
                                                                                                          0x02bcdae4
                                                                                                          0x02bcdb3a
                                                                                                          0x02bcdb41
                                                                                                          0x02bcdb44
                                                                                                          0x00000000
                                                                                                          0x02bcdae6
                                                                                                          0x02bcdaec
                                                                                                          0x02bcdb27
                                                                                                          0x02bcdb2b
                                                                                                          0x02bcdb30
                                                                                                          0x02bcdb33
                                                                                                          0x00000000
                                                                                                          0x02bcdaee
                                                                                                          0x02bcdaf0
                                                                                                          0x00000000
                                                                                                          0x02bcdaf6
                                                                                                          0x02bcdb03
                                                                                                          0x02bcdb05
                                                                                                          0x02bcdb0a
                                                                                                          0x02bcdb0d
                                                                                                          0x00000000
                                                                                                          0x02bcdb0d
                                                                                                          0x02bcdaf0
                                                                                                          0x02bcdaec
                                                                                                          0x02bcdae4
                                                                                                          0x02bcdad8
                                                                                                          0x02bcdbb2
                                                                                                          0x02bcdbb4
                                                                                                          0x02bcdbb9
                                                                                                          0x02bcdbb9
                                                                                                          0x02bcdbc0
                                                                                                          0x02bcdbc0
                                                                                                          0x02bcdb7c
                                                                                                          0x02bcdb81
                                                                                                          0x02bcdb81
                                                                                                          0x02bcdb84
                                                                                                          0x02bcdb87
                                                                                                          0x02bcdb87
                                                                                                          0x02bcdb87
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: )-$(2$m~`
                                                                                                          • API String ID: 0-2018184401
                                                                                                          • Opcode ID: 3e11803ea927e7df6680295804b9090ad11ac98bc0e337558a280692f26d1627
                                                                                                          • Instruction ID: 59d6bdbbd8d661a55274e9d1b063f526ee7afa4620681758879d91f12b70121a
                                                                                                          • Opcode Fuzzy Hash: 3e11803ea927e7df6680295804b9090ad11ac98bc0e337558a280692f26d1627
                                                                                                          • Instruction Fuzzy Hash: D27145B28083429FC354DF25D58545BBBF0FB88358F104A6DF59A96220E3B1DA49CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC9774, Relevance: 3.9, Strings: 3, Instructions: 149COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 89%
                                                                                                          			E02BC9774(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24) {
				char _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				void* _t119;
				intOrPtr _t132;
				void* _t134;
				void* _t139;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				void* _t158;
				signed int* _t161;

				_push(_a24);
				_push(_a20);
				_push(1);
				_push(_a12);
				_push(1);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t119);
				_v16 = 0xc48506;
				_t161 =  &(( &_v52)[8]);
				_v16 = _v16 + 0xffffac5b;
				_v16 = _v16 ^ 0x00c0af73;
				_t158 = 0;
				_v36 = 0x37ec46;
				_t139 = 0x2fa1272;
				_t11 =  &_v36; // 0x37ec46
				_t154 = 0xf;
				_v36 =  *_t11 / _t154;
				_t155 = 0x17;
				_v36 = _v36 * 0x4d;
				_v36 = _v36 ^ 0x011f94eb;
				_v48 = 0x1c9307;
				_v48 = _v48 + 0xffff180a;
				_v48 = _v48 >> 0xc;
				_v48 = _v48 + 0x45e7;
				_v48 = _v48 ^ 0x000c030c;
				_v20 = 0x2c1c35;
				_v20 = _v20 * 0x1a;
				_v20 = _v20 ^ 0x04724ae3;
				_v52 = 0xfea2f7;
				_v52 = _v52 + 0xffffcd03;
				_v52 = _v52 << 0xf;
				_v52 = _v52 >> 4;
				_v52 = _v52 ^ 0x0374764b;
				_v24 = 0x4bca1;
				_v24 = _v24 + 0xffff92f8;
				_v24 = _v24 >> 6;
				_v24 = _v24 ^ 0x0004173d;
				_v28 = 0xca25f8;
				_v28 = _v28 ^ 0xf07fe4f1;
				_v28 = _v28 | 0xda5170b9;
				_v28 = _v28 ^ 0xfaf3c539;
				_v40 = 0x557f86;
				_v40 = _v40 / _t155;
				_v40 = _v40 | 0x36ce95b0;
				_v40 = _v40 + 0xffff3f34;
				_v40 = _v40 ^ 0x36c02d15;
				_v44 = 0x3d6d99;
				_t156 = 0x16;
				_v44 = _v44 * 0x7d;
				_v44 = _v44 >> 0xc;
				_v44 = _v44 << 0xd;
				_v44 = _v44 ^ 0x3bf21f86;
				_v32 = 0x4fb69d;
				_v32 = _v32 << 4;
				_v32 = _v32 / _t156;
				_v32 = _v32 ^ 0x00344331;
				_v8 = 0x9d9959;
				_v8 = _v8 >> 0xe;
				_v8 = _v8 ^ 0x000ae1f8;
				_v12 = 0x98829;
				_v12 = _v12 ^ 0xb9c9dda7;
				_v12 = _v12 ^ 0xb9cd803a;
				_t157 = _v4;
				do {
					while(_t139 != 0x2fa1272) {
						if(_t139 == 0x306b7e5) {
							E02BBF9C1(_v4, _v24, _v28, _v40, 1, _a24, 1, _a20, _t139, _v44, _v32);
							_t161 =  &(_t161[9]);
							_t139 = 0xc6d7030;
							_t158 =  !=  ? 1 : _t158;
							continue;
						} else {
							if(_t139 == 0x66d181a) {
								_t132 = E02BCBC6B();
								_t157 = _t132;
								if(_t132 != 0xffffffff) {
									_t139 = 0xc4ce558;
									continue;
								}
							} else {
								if(_t139 == 0xc4ce558) {
									_t134 = E02BB72C4(_v36,  &_v4, _v48, _v20, _t157, _v52);
									_t161 =  &(_t161[4]);
									if(_t134 != 0) {
										_t139 = 0x306b7e5;
										continue;
									}
								} else {
									if(_t139 != 0xc6d7030) {
										goto L14;
									} else {
										E02BD1538(_v8, _v12, _v4);
									}
								}
							}
						}
						L7:
						return _t158;
					}
					_t139 = 0x66d181a;
					L14:
				} while (_t139 != 0xa576bfc);
				goto L7;
			}

























                                                                                                          0x02bc977b
                                                                                                          0x02bc9781
                                                                                                          0x02bc9786
                                                                                                          0x02bc9787
                                                                                                          0x02bc978b
                                                                                                          0x02bc978c
                                                                                                          0x02bc9790
                                                                                                          0x02bc9791
                                                                                                          0x02bc9792
                                                                                                          0x02bc9797
                                                                                                          0x02bc979f
                                                                                                          0x02bc97a2
                                                                                                          0x02bc97ac
                                                                                                          0x02bc97b4
                                                                                                          0x02bc97b6
                                                                                                          0x02bc97be
                                                                                                          0x02bc97c3
                                                                                                          0x02bc97c9
                                                                                                          0x02bc97ce
                                                                                                          0x02bc97d9
                                                                                                          0x02bc97dc
                                                                                                          0x02bc97e0
                                                                                                          0x02bc97e8
                                                                                                          0x02bc97f0
                                                                                                          0x02bc97f8
                                                                                                          0x02bc97fd
                                                                                                          0x02bc9805
                                                                                                          0x02bc980d
                                                                                                          0x02bc981a
                                                                                                          0x02bc981e
                                                                                                          0x02bc9826
                                                                                                          0x02bc982e
                                                                                                          0x02bc9836
                                                                                                          0x02bc983b
                                                                                                          0x02bc9840
                                                                                                          0x02bc9848
                                                                                                          0x02bc9850
                                                                                                          0x02bc9858
                                                                                                          0x02bc985d
                                                                                                          0x02bc9865
                                                                                                          0x02bc986d
                                                                                                          0x02bc9875
                                                                                                          0x02bc987d
                                                                                                          0x02bc9885
                                                                                                          0x02bc9895
                                                                                                          0x02bc9899
                                                                                                          0x02bc98a1
                                                                                                          0x02bc98a9
                                                                                                          0x02bc98b1
                                                                                                          0x02bc98be
                                                                                                          0x02bc98bf
                                                                                                          0x02bc98c3
                                                                                                          0x02bc98c8
                                                                                                          0x02bc98cd
                                                                                                          0x02bc98d5
                                                                                                          0x02bc98dd
                                                                                                          0x02bc98e8
                                                                                                          0x02bc98ec
                                                                                                          0x02bc98f4
                                                                                                          0x02bc98fc
                                                                                                          0x02bc9901
                                                                                                          0x02bc9909
                                                                                                          0x02bc9916
                                                                                                          0x02bc991e
                                                                                                          0x02bc9926
                                                                                                          0x02bc992a
                                                                                                          0x02bc992a
                                                                                                          0x02bc9938
                                                                                                          0x02bc99d4
                                                                                                          0x02bc99d9
                                                                                                          0x02bc99dc
                                                                                                          0x02bc99e3
                                                                                                          0x00000000
                                                                                                          0x02bc993a
                                                                                                          0x02bc9940
                                                                                                          0x02bc999b
                                                                                                          0x02bc99a0
                                                                                                          0x02bc99a5
                                                                                                          0x02bc99a7
                                                                                                          0x00000000
                                                                                                          0x02bc99a7
                                                                                                          0x02bc9942
                                                                                                          0x02bc9948
                                                                                                          0x02bc9987
                                                                                                          0x02bc998c
                                                                                                          0x02bc9991
                                                                                                          0x02bc9993
                                                                                                          0x00000000
                                                                                                          0x02bc9993
                                                                                                          0x02bc994a
                                                                                                          0x02bc9950
                                                                                                          0x00000000
                                                                                                          0x02bc9956
                                                                                                          0x02bc9962
                                                                                                          0x02bc9967
                                                                                                          0x02bc9950
                                                                                                          0x02bc9948
                                                                                                          0x02bc9940
                                                                                                          0x02bc9969
                                                                                                          0x02bc9971
                                                                                                          0x02bc9971
                                                                                                          0x02bc99eb
                                                                                                          0x02bc99f0
                                                                                                          0x02bc99f0
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 1C4$F7$E
                                                                                                          • API String ID: 0-3303878784
                                                                                                          • Opcode ID: ec422184f0bc8e42d70ac5f52bb51cad38797440f210b574c256831cfc5cf489
                                                                                                          • Instruction ID: c74f4474239ecc1f2e69db37faac091b12c18b93781381dffc3d60404d4a06a1
                                                                                                          • Opcode Fuzzy Hash: ec422184f0bc8e42d70ac5f52bb51cad38797440f210b574c256831cfc5cf489
                                                                                                          • Instruction Fuzzy Hash: 2E5155B2109381ABD358CE25D98982FFBE1FBD4748F505A5DF29656260D3B0CA09CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBB820, Relevance: 3.9, Strings: 3, Instructions: 145COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02BBB820(void* __ecx) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				void* _t158;
				void* _t162;
				signed int _t164;
				signed int _t165;
				signed int _t166;
				signed int _t167;
				signed int _t168;
				signed int _t169;
				intOrPtr _t192;
				intOrPtr* _t193;
				intOrPtr _t194;
				signed int* _t196;

				_t196 =  &_v68;
				_v16 = 0xd87d65;
				_v12 = 0x358b32;
				_v8 = 0xe06945;
				_t192 =  *0x2bd6210; // 0x0
				_v4 = 0;
				_t162 = __ecx;
				_v68 = 0xf23e36;
				_t193 = _t192 + 0x210;
				_v68 = _v68 ^ 0x9abe7b4c;
				_t164 = 0x28;
				_v68 = _v68 / _t164;
				_v68 = _v68 + 0xffff9758;
				_v68 = _v68 ^ 0x03db1914;
				_v28 = 0x153966;
				_v28 = _v28 + 0xc98d;
				_v28 = _v28 ^ 0x00189a49;
				_v32 = 0x66a403;
				_v32 = _v32 + 0x4aa1;
				_v32 = _v32 ^ 0x006148cf;
				_v44 = 0xfe7e73;
				_v44 = _v44 + 0xffff9639;
				_v44 = _v44 | 0x437ec796;
				_v44 = _v44 ^ 0x43f7a292;
				_v48 = 0x44000d;
				_t165 = 0x26;
				_v48 = _v48 / _t165;
				_v48 = _v48 | 0x123d3176;
				_v48 = _v48 ^ 0x1230a07a;
				_v60 = 0x1c671b;
				_v60 = _v60 | 0x089dc1d7;
				_t166 = 0x64;
				_v60 = _v60 / _t166;
				_t167 = 0x5e;
				_v60 = _v60 * 0x62;
				_v60 = _v60 ^ 0x087e3283;
				_v24 = 0x917945;
				_v24 = _v24 ^ 0x5fcd23bd;
				_v24 = _v24 ^ 0x5f54fdfa;
				_v64 = 0xfb1c79;
				_v64 = _v64 ^ 0x3af08dd4;
				_v64 = _v64 + 0x24a6;
				_v64 = _v64 + 0xffffe057;
				_v64 = _v64 ^ 0x3a029534;
				_v36 = 0xae1548;
				_v36 = _v36 * 0x1a;
				_v36 = _v36 + 0x68c6;
				_v36 = _v36 ^ 0x11a48673;
				_v40 = 0xac750c;
				_v40 = _v40 ^ 0x67c11f84;
				_v40 = _v40 | 0x960dc624;
				_v40 = _v40 ^ 0xf7630ea5;
				_v52 = 0x5bbbfa;
				_v52 = _v52 / _t167;
				_v52 = _v52 + 0xc5b0;
				_v52 = _v52 ^ 0x922587b4;
				_v52 = _v52 ^ 0x922f6435;
				_v56 = 0xb91e06;
				_t168 = 0x13;
				_v56 = _v56 / _t168;
				_v56 = _v56 + 0x7f58;
				_v56 = _v56 << 2;
				_v56 = _v56 ^ 0x002d76eb;
				_v20 = 0xce5e52;
				_t169 = 0x56;
				_v20 = _v20 / _t169;
				_v20 = _v20 ^ 0x000b3737;
				while(1) {
					_t194 =  *_t193;
					if(_t194 == 0) {
						break;
					}
					if( *((intOrPtr*)(_t194 + 0x38)) == 0) {
						L4:
						 *_t193 =  *((intOrPtr*)(_t194 + 0x24));
						_t158 = E02BD2B09(_v52, _t194, _v56, _v20);
					} else {
						_t158 = E02BD1028(_v28, _v32,  *((intOrPtr*)(_t194 + 0x48)), _t162, _v44, _v48);
						_t196 =  &(_t196[4]);
						if(_t158 != _v68) {
							_t193 = _t194 + 0x24;
						} else {
							 *((intOrPtr*)(_t194 + 0x2c))( *((intOrPtr*)(_t194 + 0x38)), 0, 0);
							E02BBF0E9(_v72,  *((intOrPtr*)(_t194 + 0x38)), _v36, _v76);
							E02BD1538(_v48, _v52,  *((intOrPtr*)(_t194 + 0x48)));
							_t196 =  &(_t196[3]);
							goto L4;
						}
					}
				}
				return _t158;
			}


































                                                                                                          0x02bbb820
                                                                                                          0x02bbb823
                                                                                                          0x02bbb82d
                                                                                                          0x02bbb835
                                                                                                          0x02bbb841
                                                                                                          0x02bbb849
                                                                                                          0x02bbb84d
                                                                                                          0x02bbb84f
                                                                                                          0x02bbb857
                                                                                                          0x02bbb85d
                                                                                                          0x02bbb86b
                                                                                                          0x02bbb870
                                                                                                          0x02bbb876
                                                                                                          0x02bbb87e
                                                                                                          0x02bbb886
                                                                                                          0x02bbb88e
                                                                                                          0x02bbb896
                                                                                                          0x02bbb89e
                                                                                                          0x02bbb8a6
                                                                                                          0x02bbb8ae
                                                                                                          0x02bbb8b6
                                                                                                          0x02bbb8be
                                                                                                          0x02bbb8c6
                                                                                                          0x02bbb8ce
                                                                                                          0x02bbb8d6
                                                                                                          0x02bbb8e2
                                                                                                          0x02bbb8e7
                                                                                                          0x02bbb8ed
                                                                                                          0x02bbb8f5
                                                                                                          0x02bbb8fd
                                                                                                          0x02bbb905
                                                                                                          0x02bbb911
                                                                                                          0x02bbb916
                                                                                                          0x02bbb921
                                                                                                          0x02bbb922
                                                                                                          0x02bbb926
                                                                                                          0x02bbb92e
                                                                                                          0x02bbb936
                                                                                                          0x02bbb93e
                                                                                                          0x02bbb946
                                                                                                          0x02bbb94e
                                                                                                          0x02bbb956
                                                                                                          0x02bbb95e
                                                                                                          0x02bbb966
                                                                                                          0x02bbb96e
                                                                                                          0x02bbb97b
                                                                                                          0x02bbb97f
                                                                                                          0x02bbb987
                                                                                                          0x02bbb98f
                                                                                                          0x02bbb997
                                                                                                          0x02bbb99f
                                                                                                          0x02bbb9a7
                                                                                                          0x02bbb9af
                                                                                                          0x02bbb9bd
                                                                                                          0x02bbb9c1
                                                                                                          0x02bbb9c9
                                                                                                          0x02bbb9d1
                                                                                                          0x02bbb9d9
                                                                                                          0x02bbb9e9
                                                                                                          0x02bbb9ee
                                                                                                          0x02bbb9f4
                                                                                                          0x02bbb9fc
                                                                                                          0x02bbba01
                                                                                                          0x02bbba09
                                                                                                          0x02bbba15
                                                                                                          0x02bbba18
                                                                                                          0x02bbba1c
                                                                                                          0x02bbba96
                                                                                                          0x02bbba96
                                                                                                          0x02bbba9a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bbba29
                                                                                                          0x02bbba7c
                                                                                                          0x02bbba8d
                                                                                                          0x02bbba8f
                                                                                                          0x02bbba2b
                                                                                                          0x02bbba3f
                                                                                                          0x02bbba44
                                                                                                          0x02bbba4b
                                                                                                          0x02bbbaa4
                                                                                                          0x02bbba4d
                                                                                                          0x02bbba52
                                                                                                          0x02bbba64
                                                                                                          0x02bbba74
                                                                                                          0x02bbba79
                                                                                                          0x00000000
                                                                                                          0x02bbba79
                                                                                                          0x02bbba4b
                                                                                                          0x02bbba29
                                                                                                          0x02bbbaa3

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$Ei$v-
                                                                                                          • API String ID: 0-1888193988
                                                                                                          • Opcode ID: d22b3378341ed55e58088416f0651a77a4976dabc2fc15bffa8d0006479305f4
                                                                                                          • Instruction ID: 68f862410d59355538b8d1aa27df1221c97eeee35f44cd1d6dbad2cc0aa79bba
                                                                                                          • Opcode Fuzzy Hash: d22b3378341ed55e58088416f0651a77a4976dabc2fc15bffa8d0006479305f4
                                                                                                          • Instruction Fuzzy Hash: 716133B15083809FC394CF25D48985BBBF2FBC8718F408A1DF09A66260D7B5DA0ACF46
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD07AA, Relevance: 3.9, Strings: 3, Instructions: 145COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 91%
                                                                                                          			E02BD07AA(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				void* _t127;
				void* _t143;
				void* _t147;
				intOrPtr _t159;
				void* _t165;
				signed int _t166;
				signed int _t167;
				signed int _t168;
				signed int _t169;
				signed int* _t172;

				_t145 = _a12;
				_t164 = _a4;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				E02BCFE29(_t127);
				_v68 = 0xce0704;
				_t172 =  &(( &_v80)[5]);
				_t165 = 0;
				_t147 = 0xeb10c15;
				_push("true");
				_pop(_t166);
				_v68 = _v68 / _t166;
				_v68 = _v68 ^ 0x27d6a24c;
				_v68 = _v68 << 0xd;
				_v68 = _v68 ^ 0x13812000;
				_v56 = 0x3987d6;
				_v56 = _v56 + 0xffffa396;
				_v56 = _v56 << 6;
				_v56 = _v56 + 0xffffda2f;
				_v56 = _v56 ^ 0x0e4ab52f;
				_v76 = 0xda5b69;
				_v76 = _v76 + 0xffffc444;
				_v76 = _v76 >> 3;
				_v76 = _v76 | 0xf293bfd0;
				_v76 = _v76 ^ 0xf29c223d;
				_v80 = 0x3698bd;
				_v80 = _v80 << 2;
				_v80 = _v80 + 0xffffb830;
				_v80 = _v80 | 0x7cee6fd8;
				_v80 = _v80 ^ 0x7cfe3832;
				_v44 = 0x3a6f25;
				_v44 = _v44 >> 3;
				_v44 = _v44 ^ 0x000731a8;
				_v48 = 0xdbe73e;
				_v48 = _v48 | 0x7450ea9d;
				_v48 = _v48 ^ 0x74de2fdf;
				_v36 = 0x16da79;
				_t167 = 0x12;
				_v36 = _v36 * 0x5d;
				_v36 = _v36 ^ 0x084db146;
				_v60 = 0xec6235;
				_v60 = _v60 + 0x184b;
				_v60 = _v60 / _t167;
				_v60 = _v60 | 0x0c30d5fb;
				_v60 = _v60 ^ 0x0c38efee;
				_v64 = 0x38c801;
				_v64 = _v64 >> 9;
				_v64 = _v64 ^ 0xc825be84;
				_v64 = _v64 >> 0x10;
				_v64 = _v64 ^ 0x000d1c3b;
				_v72 = 0xe77e6e;
				_v72 = _v72 + 0xffffb3b2;
				_v72 = _v72 << 0xd;
				_t168 = 0x78;
				_v72 = _v72 / _t168;
				_v72 = _v72 ^ 0x01e31a81;
				_v40 = 0x7e766a;
				_v40 = _v40 * 0x26;
				_v40 = _v40 ^ 0x12c7afcd;
				_v52 = 0xe103b8;
				_t169 = 0x4e;
				_v52 = _v52 / _t169;
				_v52 = _v52 + 0xffff4b52;
				_v52 = _v52 ^ 0x000d8548;
				do {
					while(_t147 != 0x8d72c38) {
						if(_t147 == 0xc75b0cb) {
							_t143 = E02BB57B8( *_t164, _v76, _v80,  *((intOrPtr*)(_t164 + 4)), _v44,  &_v32, _v48);
							_t172 =  &(_t172[6]);
							if(_t143 != 0) {
								_t147 = 0x8d72c38;
								continue;
							}
						} else {
							if(_t147 != 0xeb10c15) {
								goto L8;
							} else {
								_t147 = 0xc75b0cb;
								continue;
							}
						}
						goto L9;
					}
					_t159 =  *0x2bd6224; // 0x0
					E02BD4D53( *((intOrPtr*)(_t145 + 4)),  *((intOrPtr*)(_t159 + 0x48)), _v36, _t147,  &_v32, _v60, _v64, _v68, _v72, _v40, _t147,  *_t145, _v52);
					_t172 =  &(_t172[0xb]);
					_t147 = 0x3b36d39;
					_t165 =  ==  ? 1 : _t165;
					L8:
				} while (_t147 != 0x3b36d39);
				L9:
				return _t165;
			}


























                                                                                                          0x02bd07ae
                                                                                                          0x02bd07b5
                                                                                                          0x02bd07b9
                                                                                                          0x02bd07ba
                                                                                                          0x02bd07be
                                                                                                          0x02bd07bf
                                                                                                          0x02bd07c1
                                                                                                          0x02bd07c6
                                                                                                          0x02bd07ce
                                                                                                          0x02bd07d7
                                                                                                          0x02bd07d9
                                                                                                          0x02bd07de
                                                                                                          0x02bd07e0
                                                                                                          0x02bd07e5
                                                                                                          0x02bd07eb
                                                                                                          0x02bd07f3
                                                                                                          0x02bd07f8
                                                                                                          0x02bd0800
                                                                                                          0x02bd0808
                                                                                                          0x02bd0810
                                                                                                          0x02bd0815
                                                                                                          0x02bd081d
                                                                                                          0x02bd0825
                                                                                                          0x02bd082d
                                                                                                          0x02bd0835
                                                                                                          0x02bd083a
                                                                                                          0x02bd0842
                                                                                                          0x02bd084a
                                                                                                          0x02bd0852
                                                                                                          0x02bd0857
                                                                                                          0x02bd085f
                                                                                                          0x02bd0867
                                                                                                          0x02bd086f
                                                                                                          0x02bd0877
                                                                                                          0x02bd087c
                                                                                                          0x02bd0884
                                                                                                          0x02bd088c
                                                                                                          0x02bd0894
                                                                                                          0x02bd089c
                                                                                                          0x02bd08a9
                                                                                                          0x02bd08ac
                                                                                                          0x02bd08b0
                                                                                                          0x02bd08b8
                                                                                                          0x02bd08c0
                                                                                                          0x02bd08d0
                                                                                                          0x02bd08d4
                                                                                                          0x02bd08dc
                                                                                                          0x02bd08e4
                                                                                                          0x02bd08ec
                                                                                                          0x02bd08f1
                                                                                                          0x02bd08f9
                                                                                                          0x02bd08fe
                                                                                                          0x02bd0906
                                                                                                          0x02bd090e
                                                                                                          0x02bd0916
                                                                                                          0x02bd091f
                                                                                                          0x02bd0922
                                                                                                          0x02bd0926
                                                                                                          0x02bd092e
                                                                                                          0x02bd093b
                                                                                                          0x02bd093f
                                                                                                          0x02bd0947
                                                                                                          0x02bd0957
                                                                                                          0x02bd095f
                                                                                                          0x02bd0963
                                                                                                          0x02bd096b
                                                                                                          0x02bd0973
                                                                                                          0x02bd0973
                                                                                                          0x02bd097d
                                                                                                          0x02bd09a8
                                                                                                          0x02bd09ad
                                                                                                          0x02bd09b2
                                                                                                          0x02bd09b4
                                                                                                          0x00000000
                                                                                                          0x02bd09b4
                                                                                                          0x02bd097f
                                                                                                          0x02bd0985
                                                                                                          0x00000000
                                                                                                          0x02bd0987
                                                                                                          0x02bd0987
                                                                                                          0x00000000
                                                                                                          0x02bd0987
                                                                                                          0x02bd0985
                                                                                                          0x00000000
                                                                                                          0x02bd097d
                                                                                                          0x02bd09dd
                                                                                                          0x02bd09e9
                                                                                                          0x02bd09f7
                                                                                                          0x02bd09fc
                                                                                                          0x02bd0a01
                                                                                                          0x02bd0a04
                                                                                                          0x02bd0a04
                                                                                                          0x02bd0a11
                                                                                                          0x02bd0a19

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 5b$jv~$n~
                                                                                                          • API String ID: 0-1119068381
                                                                                                          • Opcode ID: 41ef7ee99ca4c5c185c4dc2f7d6d86cc6e44f57b26d43446c69747dbc04a54a0
                                                                                                          • Instruction ID: 487b2b03f3ce2a5c3e53b10f759c6fe750bb46ac1e320a6cfd0e9a1d29cd3d9c
                                                                                                          • Opcode Fuzzy Hash: 41ef7ee99ca4c5c185c4dc2f7d6d86cc6e44f57b26d43446c69747dbc04a54a0
                                                                                                          • Instruction Fuzzy Hash: AE5155724083059FC748DF25C98991FBBE1FBD8758F908A5DF296A6220D371CA89CF46
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC7A0F, Relevance: 3.9, Strings: 3, Instructions: 137COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 87%
                                                                                                          			E02BC7A0F(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				intOrPtr _v76;
				char _v596;
				void* _t147;
				signed int _t170;
				signed int _t171;
				signed int _t172;
				signed int _t173;

				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t147);
				_v72 = _v72 & 0x00000000;
				_v68 = _v68 & 0x00000000;
				_v76 = 0xac6bc1;
				_v48 = 0x918367;
				_v48 = _v48 >> 6;
				_v48 = _v48 ^ 0x000cf094;
				_v36 = 0xe92c2d;
				_v36 = _v36 ^ 0xfac2eab7;
				_v36 = _v36 << 0xf;
				_v36 = _v36 ^ 0xe346c7b1;
				_v64 = 0xc08572;
				_t170 = 0x1e;
				_v64 = _v64 / _t170;
				_v64 = _v64 ^ 0x00015c03;
				_v12 = 0x9212d2;
				_t171 = 0x1d;
				_v12 = _v12 * 0x39;
				_v12 = _v12 + 0x3383;
				_v12 = _v12 >> 2;
				_v12 = _v12 ^ 0x08263998;
				_v32 = 0xc20336;
				_v32 = _v32 * 0x70;
				_v32 = _v32 ^ 0x74671eb1;
				_v32 = _v32 ^ 0x2084f54c;
				_v40 = 0xa9787c;
				_v40 = _v40 ^ 0x381c5a49;
				_v40 = _v40 | 0x64fc5a0b;
				_v40 = _v40 ^ 0x7cf9cebd;
				_v20 = 0x646c84;
				_v20 = _v20 * 0xa;
				_v20 = _v20 ^ 0x10bf9a9f;
				_v20 = _v20 ^ 0x793d42f9;
				_v20 = _v20 ^ 0x6a6515eb;
				_v60 = 0xc09cf0;
				_v60 = _v60 << 9;
				_v60 = _v60 ^ 0x813cbcc6;
				_v8 = 0xc99b6c;
				_v8 = _v8 * 0x26;
				_v8 = _v8 + 0xffff7686;
				_v8 = _v8 ^ 0x08dcc16a;
				_v8 = _v8 ^ 0x1531615b;
				_v44 = 0x17c218;
				_v44 = _v44 | 0xd7791395;
				_v44 = _v44 + 0xde66;
				_v44 = _v44 ^ 0xd7809290;
				_v28 = 0x8f3b5f;
				_v28 = _v28 >> 0xb;
				_v28 = _v28 * 0x5e;
				_v28 = _v28 ^ 0x00039abd;
				_v56 = 0xe3e33c;
				_v56 = _v56 * 0x69;
				_v56 = _v56 ^ 0x5d7c15ff;
				_v52 = 0x7e8124;
				_v52 = _v52 + 0xc0d9;
				_v52 = _v52 ^ 0x007e7944;
				_v24 = 0x2edb0b;
				_v24 = _v24 / _t171;
				_t172 = 0x3a;
				_v24 = _v24 / _t172;
				_t173 = 0x6f;
				_v24 = _v24 / _t173;
				_v24 = _v24 ^ 0x00044e1b;
				_v16 = 0xd6e45b;
				_v16 = _v16 * 0x6a;
				_v16 = _v16 | 0xc518fde9;
				_v16 = _v16 + 0xffff1d23;
				_v16 = _v16 ^ 0xddf5a256;
				_push(_v12);
				_push(_v64);
				_push(_v36);
				E02BC2C9C(_v40, _v16, E02BCE1F8(0x2bb170c, _v48, _v16),  &_v596, 0x2bb170c, _v20, __edx);
				E02BCFECB(_t164, _v60, _v8, _v44, _v28);
				return E02BBD061( &_v596, _v56, _v52, _v24, _v16);
			}



























                                                                                                          0x02bc7a1a
                                                                                                          0x02bc7a1f
                                                                                                          0x02bc7a22
                                                                                                          0x02bc7a25
                                                                                                          0x02bc7a26
                                                                                                          0x02bc7a27
                                                                                                          0x02bc7a2c
                                                                                                          0x02bc7a32
                                                                                                          0x02bc7a36
                                                                                                          0x02bc7a3d
                                                                                                          0x02bc7a44
                                                                                                          0x02bc7a48
                                                                                                          0x02bc7a4f
                                                                                                          0x02bc7a56
                                                                                                          0x02bc7a5d
                                                                                                          0x02bc7a61
                                                                                                          0x02bc7a68
                                                                                                          0x02bc7a74
                                                                                                          0x02bc7a79
                                                                                                          0x02bc7a7e
                                                                                                          0x02bc7a85
                                                                                                          0x02bc7a90
                                                                                                          0x02bc7a91
                                                                                                          0x02bc7a94
                                                                                                          0x02bc7a9b
                                                                                                          0x02bc7a9f
                                                                                                          0x02bc7aa6
                                                                                                          0x02bc7ab1
                                                                                                          0x02bc7ab4
                                                                                                          0x02bc7abb
                                                                                                          0x02bc7ac2
                                                                                                          0x02bc7ac9
                                                                                                          0x02bc7ad0
                                                                                                          0x02bc7ad7
                                                                                                          0x02bc7ade
                                                                                                          0x02bc7ae9
                                                                                                          0x02bc7aec
                                                                                                          0x02bc7af3
                                                                                                          0x02bc7afa
                                                                                                          0x02bc7b01
                                                                                                          0x02bc7b08
                                                                                                          0x02bc7b0c
                                                                                                          0x02bc7b13
                                                                                                          0x02bc7b1e
                                                                                                          0x02bc7b21
                                                                                                          0x02bc7b28
                                                                                                          0x02bc7b2f
                                                                                                          0x02bc7b36
                                                                                                          0x02bc7b3d
                                                                                                          0x02bc7b44
                                                                                                          0x02bc7b4b
                                                                                                          0x02bc7b52
                                                                                                          0x02bc7b59
                                                                                                          0x02bc7b61
                                                                                                          0x02bc7b64
                                                                                                          0x02bc7b6b
                                                                                                          0x02bc7b76
                                                                                                          0x02bc7b79
                                                                                                          0x02bc7b80
                                                                                                          0x02bc7b87
                                                                                                          0x02bc7b8e
                                                                                                          0x02bc7b95
                                                                                                          0x02bc7ba1
                                                                                                          0x02bc7ba9
                                                                                                          0x02bc7bb0
                                                                                                          0x02bc7bb8
                                                                                                          0x02bc7bc0
                                                                                                          0x02bc7bc3
                                                                                                          0x02bc7bca
                                                                                                          0x02bc7bd5
                                                                                                          0x02bc7bd8
                                                                                                          0x02bc7bdf
                                                                                                          0x02bc7be6
                                                                                                          0x02bc7bed
                                                                                                          0x02bc7bf0
                                                                                                          0x02bc7bf3
                                                                                                          0x02bc7c16
                                                                                                          0x02bc7c29
                                                                                                          0x02bc7c4d

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: -,$<$Dy~
                                                                                                          • API String ID: 0-1106285139
                                                                                                          • Opcode ID: 2ed3834c1cc19f1000e4b37da9eeadec112f1df9536da7a5945f8307a1052882
                                                                                                          • Instruction ID: 32932f3aa25b9412d51414f80d9088e7f6b8f2f7e3955c21412b5947dbf354ac
                                                                                                          • Opcode Fuzzy Hash: 2ed3834c1cc19f1000e4b37da9eeadec112f1df9536da7a5945f8307a1052882
                                                                                                          • Instruction Fuzzy Hash: 0B61DFB1D0120EEBDF08CFE5D98A9EEBBB2FB48314F208159E111B6260D7B54A55CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB7442, Relevance: 3.9, Strings: 3, Instructions: 116COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 85%
                                                                                                          			E02BB7442(intOrPtr* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				unsigned int _v28;
				void* _t68;
				intOrPtr _t81;
				signed int _t82;
				signed int _t87;
				signed int _t88;
				void* _t91;
				intOrPtr _t105;
				intOrPtr* _t106;
				void* _t107;
				signed int* _t111;

				_push(_a16);
				_t106 = __ecx;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__ecx);
				E02BCFE29(_t68);
				_v24 = 0x62b98c;
				_t111 =  &(( &_v28)[6]);
				_t107 = 0;
				_t91 = 0x56d49db;
				_t87 = 0x32;
				_v24 = _v24 * 0x4b;
				_v24 = _v24 / _t87;
				_v24 = _v24 + 0xffff2f8c;
				_v24 = _v24 ^ 0x009a9eb5;
				_v16 = 0xcd53e2;
				_t88 = 0x3a;
				_v16 = _v16 * 0x65;
				_v16 = _v16 + 0xffffa8ae;
				_v16 = _v16 ^ 0x510428a2;
				_v28 = 0xd5f3ee;
				_v28 = _v28 ^ 0x77e73800;
				_v28 = _v28 / _t88;
				_v28 = _v28 >> 7;
				_v28 = _v28 ^ 0x0000e246;
				_v20 = 0x9cb423;
				_v20 = _v20 + 0x5dad;
				_v20 = _v20 ^ 0xe88d7dca;
				_v20 = _v20 ^ 0xe81c7203;
				_v4 = 0x5f6be5;
				_t46 =  &_v4; // 0x5f6be5
				_v4 =  *_t46 * 0x5c;
				_v4 = _v4 ^ 0x224497bb;
				_v8 = 0xac6149;
				_v8 = _v8 >> 2;
				_v8 = _v8 ^ 0x0020023e;
				_v12 = 0x405ac1;
				_v12 = _v12 >> 0xd;
				_v12 = _v12 ^ 0x000eeb29;
				do {
					while(_t91 != 0x56d49db) {
						if(_t91 == 0x845f35b) {
							_t82 = E02BC0F86(_t106);
							asm("sbb ecx, ecx");
							_t91 = ( ~_t82 & 0xfe625aa0) + 0xd9296b1;
							continue;
						} else {
							if(_t91 == 0xbb8a3c5) {
								E02BC0D04();
								_t91 = 0xd9296b1;
								continue;
							} else {
								if(_t91 == 0xbf4f151) {
									if(E02BC8FAE(_a4) != 0) {
										_t107 = 1;
									} else {
										_t91 = 0xbb8a3c5;
										continue;
									}
								} else {
									if(_t91 != 0xd9296b1) {
										goto L12;
									} else {
										_t105 =  *0x2bd6224; // 0x0
										E02BD2B09(_v4, _t105, _v8, _v12);
									}
								}
							}
						}
						L15:
						return _t107;
					}
					_push(_t91);
					_push(_t91);
					_t81 = E02BBC5D8(0x64);
					_t111 =  &(_t111[3]);
					 *0x2bd6224 = _t81;
					_t91 = 0x845f35b;
					L12:
				} while (_t91 != 0xd85fda5);
				goto L15;
			}




















                                                                                                          0x02bb7449
                                                                                                          0x02bb744d
                                                                                                          0x02bb744f
                                                                                                          0x02bb7453
                                                                                                          0x02bb7457
                                                                                                          0x02bb745c
                                                                                                          0x02bb745d
                                                                                                          0x02bb7462
                                                                                                          0x02bb746a
                                                                                                          0x02bb7474
                                                                                                          0x02bb7476
                                                                                                          0x02bb7482
                                                                                                          0x02bb7483
                                                                                                          0x02bb748f
                                                                                                          0x02bb7495
                                                                                                          0x02bb749d
                                                                                                          0x02bb74a5
                                                                                                          0x02bb74b2
                                                                                                          0x02bb74b3
                                                                                                          0x02bb74b7
                                                                                                          0x02bb74bf
                                                                                                          0x02bb74c7
                                                                                                          0x02bb74cf
                                                                                                          0x02bb74e2
                                                                                                          0x02bb74e6
                                                                                                          0x02bb74eb
                                                                                                          0x02bb74f3
                                                                                                          0x02bb74fb
                                                                                                          0x02bb7503
                                                                                                          0x02bb750b
                                                                                                          0x02bb7513
                                                                                                          0x02bb751b
                                                                                                          0x02bb7520
                                                                                                          0x02bb7524
                                                                                                          0x02bb752c
                                                                                                          0x02bb7534
                                                                                                          0x02bb7539
                                                                                                          0x02bb7541
                                                                                                          0x02bb7549
                                                                                                          0x02bb754e
                                                                                                          0x02bb7556
                                                                                                          0x02bb7556
                                                                                                          0x02bb7564
                                                                                                          0x02bb75ad
                                                                                                          0x02bb75b6
                                                                                                          0x02bb75be
                                                                                                          0x00000000
                                                                                                          0x02bb7566
                                                                                                          0x02bb7568
                                                                                                          0x02bb75a2
                                                                                                          0x02bb75a7
                                                                                                          0x00000000
                                                                                                          0x02bb756a
                                                                                                          0x02bb7570
                                                                                                          0x02bb759c
                                                                                                          0x02bb75f8
                                                                                                          0x02bb759e
                                                                                                          0x02bb759e
                                                                                                          0x00000000
                                                                                                          0x02bb759e
                                                                                                          0x02bb7572
                                                                                                          0x02bb7574
                                                                                                          0x00000000
                                                                                                          0x02bb7576
                                                                                                          0x02bb757e
                                                                                                          0x02bb7588
                                                                                                          0x02bb758e
                                                                                                          0x02bb7574
                                                                                                          0x02bb7570
                                                                                                          0x02bb7568
                                                                                                          0x02bb75fa
                                                                                                          0x02bb7602
                                                                                                          0x02bb7602
                                                                                                          0x02bb75d2
                                                                                                          0x02bb75d3
                                                                                                          0x02bb75d6
                                                                                                          0x02bb75db
                                                                                                          0x02bb75de
                                                                                                          0x02bb75e3
                                                                                                          0x02bb75e8
                                                                                                          0x02bb75e8
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: F$K3xq$k_
                                                                                                          • API String ID: 0-3174058581
                                                                                                          • Opcode ID: 8038faff574ea14c3af3be70bd28b1301b2d5cd79134fc25fac4277a4d4ea990
                                                                                                          • Instruction ID: 1522ef6a81a7c85d42d1225274e348a6c9e24123a030c77575628ddd6a8c5bf3
                                                                                                          • Opcode Fuzzy Hash: 8038faff574ea14c3af3be70bd28b1301b2d5cd79134fc25fac4277a4d4ea990
                                                                                                          • Instruction Fuzzy Hash: 134187716083029BC719DF24D48592FFBE1FFC8758F100A5EF58696262DBB08A08CB97
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCA2A5, Relevance: 3.9, Strings: 3, Instructions: 105COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 63%
                                                                                                          			E02BCA2A5(intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				void* _t121;
				void* _t123;
				intOrPtr* _t124;
				signed int _t127;
				intOrPtr _t136;

				_v56 = _v56 & 0x00000000;
				_v68 = 0x56d43f;
				_v64 = 0xa378a6;
				_v60 = 0xa37ee;
				_v44 = 0x7acd08;
				_v44 = _v44 >> 9;
				_v44 = _v44 ^ 0x000369a9;
				_v12 = 0x8bcc43;
				_v12 = _v12 << 6;
				_v12 = _v12 | 0x230a0204;
				_v12 = _v12 << 8;
				_v12 = _v12 ^ 0xfb180412;
				_v8 = 0x75376c;
				_v8 = _v8 >> 9;
				_v8 = _v8 ^ 0x2bde3cb3;
				_v8 = _v8 >> 1;
				_v8 = _v8 ^ 0x15e166f0;
				_v36 = 0x2455a;
				_v36 = _v36 >> 2;
				_v36 = _v36 + 0xffff434e;
				_v36 = _v36 ^ 0xfff24d76;
				_v20 = 0x28ad7b;
				_v20 = _v20 << 6;
				_v20 = _v20 << 0x10;
				_v20 = _v20 << 0x10;
				_v20 = _v20 ^ 0x00010bf1;
				_v16 = 0xc11cd7;
				_v16 = _v16 >> 4;
				_v16 = _v16 >> 5;
				_v16 = _v16 << 2;
				_v16 = _v16 ^ 0x000c5122;
				_v48 = 0x6ce03d;
				_v48 = _v48 ^ 0x08e870e9;
				_v48 = _v48 ^ 0x08851ea6;
				_v40 = 0xece1ae;
				_v40 = _v40 | 0xa708c82b;
				_v40 = _v40 + 0xffff66a5;
				_v40 = _v40 ^ 0xa7eb2511;
				_v52 = 0x51901b;
				_v52 = _v52 << 3;
				_v52 = _v52 ^ 0x0285bcb2;
				_v32 = 0xe2234;
				_v32 = _v32 ^ 0x801b0981;
				_v32 = _v32 + 0xffff47d0;
				_v32 = _v32 + 0x1bdf;
				_v32 = _v32 ^ 0x8011a9a9;
				_v28 = 0xf9a2d;
				_v28 = _v28 + 0xffff0cd9;
				_t127 = 0x38;
				_t136 = _a4;
				_v28 = _v28 * 0x39;
				_v28 = _v28 + 0xf1da;
				_v28 = _v28 ^ 0x0344abfa;
				_v24 = 0x8a904b;
				_v24 = _v24 + 0x44ce;
				_v24 = _v24 / _t127;
				_v24 = _v24 << 0xc;
				_v24 = _v24 ^ 0x27a49ff9;
				_t121 =  *((intOrPtr*)(_t136 + 0x2c))( *((intOrPtr*)(_t136 + 0x38)), 1, 0);
				_t143 = _t121;
				if(_t121 != 0) {
					_push(_v36);
					_push(_v8);
					_push(0x2bb18ec);
					_t123 = E02BC4244(_v44, _v12, _t143);
					_push(_v40);
					_t138 = _t123;
					_push(_v48);
					_push(_t123);
					_push( *((intOrPtr*)(_t136 + 0x38)));
					_t124 = E02BD3560(_v20, _v16);
					if(_t124 != 0) {
						 *_t124();
					}
					E02BCFECB(_t138, _v52, _v32, _v28, _v24);
				}
				return 0;
			}
























                                                                                                          0x02bca2ac
                                                                                                          0x02bca2b2
                                                                                                          0x02bca2b9
                                                                                                          0x02bca2c0
                                                                                                          0x02bca2c7
                                                                                                          0x02bca2ce
                                                                                                          0x02bca2d2
                                                                                                          0x02bca2d9
                                                                                                          0x02bca2e0
                                                                                                          0x02bca2e4
                                                                                                          0x02bca2eb
                                                                                                          0x02bca2ef
                                                                                                          0x02bca2f6
                                                                                                          0x02bca2fd
                                                                                                          0x02bca301
                                                                                                          0x02bca308
                                                                                                          0x02bca30b
                                                                                                          0x02bca312
                                                                                                          0x02bca319
                                                                                                          0x02bca31d
                                                                                                          0x02bca324
                                                                                                          0x02bca32b
                                                                                                          0x02bca332
                                                                                                          0x02bca336
                                                                                                          0x02bca33a
                                                                                                          0x02bca33e
                                                                                                          0x02bca345
                                                                                                          0x02bca34c
                                                                                                          0x02bca350
                                                                                                          0x02bca354
                                                                                                          0x02bca358
                                                                                                          0x02bca35f
                                                                                                          0x02bca366
                                                                                                          0x02bca36d
                                                                                                          0x02bca374
                                                                                                          0x02bca37b
                                                                                                          0x02bca382
                                                                                                          0x02bca389
                                                                                                          0x02bca390
                                                                                                          0x02bca397
                                                                                                          0x02bca39b
                                                                                                          0x02bca3a2
                                                                                                          0x02bca3a9
                                                                                                          0x02bca3b0
                                                                                                          0x02bca3b7
                                                                                                          0x02bca3be
                                                                                                          0x02bca3c5
                                                                                                          0x02bca3cc
                                                                                                          0x02bca3d9
                                                                                                          0x02bca3da
                                                                                                          0x02bca3dd
                                                                                                          0x02bca3e0
                                                                                                          0x02bca3e7
                                                                                                          0x02bca3ee
                                                                                                          0x02bca3f5
                                                                                                          0x02bca403
                                                                                                          0x02bca406
                                                                                                          0x02bca40a
                                                                                                          0x02bca416
                                                                                                          0x02bca419
                                                                                                          0x02bca41b
                                                                                                          0x02bca41e
                                                                                                          0x02bca421
                                                                                                          0x02bca42a
                                                                                                          0x02bca42f
                                                                                                          0x02bca434
                                                                                                          0x02bca437
                                                                                                          0x02bca439
                                                                                                          0x02bca442
                                                                                                          0x02bca443
                                                                                                          0x02bca446
                                                                                                          0x02bca450
                                                                                                          0x02bca452
                                                                                                          0x02bca452
                                                                                                          0x02bca462
                                                                                                          0x02bca46a
                                                                                                          0x02bca471

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: =l$l7u$7
                                                                                                          • API String ID: 0-2380881030
                                                                                                          • Opcode ID: 83eab48e3da2adee19fea156ebdae59d4a24531592ed53cac4fe2535f2a9d2a0
                                                                                                          • Instruction ID: 0bc3df1d0d4060d268c451ab177c27866508fdda8f1b9d3a51b99bc2cd2e8b9a
                                                                                                          • Opcode Fuzzy Hash: 83eab48e3da2adee19fea156ebdae59d4a24531592ed53cac4fe2535f2a9d2a0
                                                                                                          • Instruction Fuzzy Hash: FB510F71D0021EABDF45CFE5D98A5EEBBB1FF44318F208198D912B6220D7B54A59CFA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBBAA9, Relevance: 3.8, Strings: 3, Instructions: 89COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02BBBAA9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				void* _t91;
				signed int _t109;
				signed int _t110;
				signed int _t119;
				signed int _t120;

				_t119 = _a12;
				_push(_t119);
				_push(_a8);
				_push(_a4);
				E02BCFE29(_t91);
				_v36 = _v36 & 0x00000000;
				_v40 = 0x12a44;
				_v16 = 0x6d7ae4;
				_t109 = 9;
				_v16 = _v16 * 0x2c;
				_v16 = _v16 ^ 0x12d84a78;
				_v8 = 0x632f63;
				_v8 = _v8 << 0xf;
				_v8 = _v8 ^ 0x2f02a769;
				_v8 = _v8 + 0xffffcf5a;
				_v8 = _v8 ^ 0xb8bafcbb;
				_a12 = 0xb71f5c;
				_a12 = _a12 + 0x2974;
				_a12 = _a12 / _t109;
				_t110 = 0x4b;
				_a12 = _a12 * 0x6a;
				_a12 = _a12 ^ 0x0865fbc8;
				_v28 = 0x14d1df;
				_v28 = _v28 + 0x8244;
				_v28 = _v28 ^ 0x001f502f;
				_v24 = 0x8a40f8;
				_v24 = _v24 | 0x61e91a85;
				_v24 = _v24 ^ 0x61e69297;
				_v32 = 0x91ce11;
				_v32 = _v32 + 0xffffd148;
				_v32 = _v32 ^ 0x009b82ce;
				_v20 = 0xf1824f;
				_v20 = _v20 / _t110;
				_v20 = _v20 ^ 0x68027ae2;
				_v20 = _v20 >> 1;
				_v20 = _v20 ^ 0x3404b933;
				E02BBDC1B(_t110);
				_v16 = 0x8712a3;
				_v16 = _v16 + 0xf3d2;
				_v16 = _v16 + 0xffff1cdd;
				_v16 = _v16 >> 9;
				_v16 = _v16 ^ 0x00004395;
				_v12 = 0x6a396b;
				_v12 = _v12 | 0x9b16e6b5;
				_v12 = _v12 << 0xd;
				_v12 = _v12 >> 9;
				_v12 = _v12 ^ 0x006fffe0;
				_t120 = E02BCCCA0(_v16, _v12);
				E02BBE404(_v32, 1, _v20, _t120, _t119);
				 *((short*)(_t119 + _t120 * 2)) = 0;
				return 0;
			}

















                                                                                                          0x02bbbab1
                                                                                                          0x02bbbab4
                                                                                                          0x02bbbab5
                                                                                                          0x02bbbab8
                                                                                                          0x02bbbabd
                                                                                                          0x02bbbac2
                                                                                                          0x02bbbac8
                                                                                                          0x02bbbacf
                                                                                                          0x02bbbadc
                                                                                                          0x02bbbadf
                                                                                                          0x02bbbae2
                                                                                                          0x02bbbae9
                                                                                                          0x02bbbaf0
                                                                                                          0x02bbbaf4
                                                                                                          0x02bbbafb
                                                                                                          0x02bbbb02
                                                                                                          0x02bbbb09
                                                                                                          0x02bbbb10
                                                                                                          0x02bbbb1e
                                                                                                          0x02bbbb25
                                                                                                          0x02bbbb26
                                                                                                          0x02bbbb29
                                                                                                          0x02bbbb30
                                                                                                          0x02bbbb37
                                                                                                          0x02bbbb3e
                                                                                                          0x02bbbb45
                                                                                                          0x02bbbb4c
                                                                                                          0x02bbbb53
                                                                                                          0x02bbbb5a
                                                                                                          0x02bbbb61
                                                                                                          0x02bbbb68
                                                                                                          0x02bbbb6f
                                                                                                          0x02bbbb7b
                                                                                                          0x02bbbb7e
                                                                                                          0x02bbbb85
                                                                                                          0x02bbbb88
                                                                                                          0x02bbbb92
                                                                                                          0x02bbbb97
                                                                                                          0x02bbbba1
                                                                                                          0x02bbbba8
                                                                                                          0x02bbbbaf
                                                                                                          0x02bbbbb3
                                                                                                          0x02bbbbba
                                                                                                          0x02bbbbc1
                                                                                                          0x02bbbbc8
                                                                                                          0x02bbbbcc
                                                                                                          0x02bbbbd0
                                                                                                          0x02bbbbee
                                                                                                          0x02bbbbfb
                                                                                                          0x02bbbc05
                                                                                                          0x02bbbc0e

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: c/c$k9j$zm
                                                                                                          • API String ID: 0-1793526708
                                                                                                          • Opcode ID: d43419449e52b5cbd41cd5db91105e5f334013690b7b8493d0933a13370cd3ef
                                                                                                          • Instruction ID: 9767399fab24a291d8aaaceb666c2429cae29dc619a1a0f80a99e2e82cfd2423
                                                                                                          • Opcode Fuzzy Hash: d43419449e52b5cbd41cd5db91105e5f334013690b7b8493d0933a13370cd3ef
                                                                                                          • Instruction Fuzzy Hash: C04103B2D0030AABCB04DFA5D84A5EFBBB2FF44314F108599E525A6260D7B49B55CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCAD08, Relevance: 2.7, Strings: 2, Instructions: 243COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02BCAD08() {
				char _v520;
				char _v1040;
				intOrPtr _v1044;
				intOrPtr _v1048;
				intOrPtr _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				signed int _v1136;
				signed int _v1140;
				signed int _v1144;
				void* _t263;
				intOrPtr _t264;
				intOrPtr _t267;
				void* _t273;
				void* _t277;
				intOrPtr _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int* _t322;

				_t322 =  &_v1144;
				_v1052 = 0x3e8be7;
				_t310 = 0;
				_t277 = 0xe4a3d19;
				_v1048 = 0;
				_v1044 = 0;
				_v1100 = 0x8001b8;
				_t311 = 0x1c;
				_v1100 = _v1100 / _t311;
				_v1100 = _v1100 + 0x9b02;
				_v1100 = _v1100 ^ 0x0003825e;
				_v1104 = 0x6ba50e;
				_v1104 = _v1104 + 0x86a8;
				_v1104 = _v1104 << 0xa;
				_v1104 = _v1104 ^ 0xb0a58b81;
				_v1064 = 0xa5f60f;
				_v1064 = _v1064 ^ 0xf15b406a;
				_v1064 = _v1064 ^ 0xf1fbbabe;
				_v1116 = 0xfce2df;
				_v1116 = _v1116 ^ 0xb7cf3da1;
				_v1116 = _v1116 + 0x963f;
				_v1116 = _v1116 ^ 0x6f9af2b2;
				_v1116 = _v1116 ^ 0xd8ae206e;
				_v1132 = 0x6fbbde;
				_v1132 = _v1132 | 0xe49a2ecd;
				_v1132 = _v1132 + 0xd857;
				_v1132 = _v1132 + 0xffffaa9b;
				_v1132 = _v1132 ^ 0xe507ae81;
				_v1096 = 0xa4704d;
				_v1096 = _v1096 + 0x7787;
				_t312 = 0x67;
				_v1096 = _v1096 / _t312;
				_v1096 = _v1096 ^ 0x00025cd8;
				_v1084 = 0x38937;
				_t313 = 0x79;
				_v1084 = _v1084 * 0x4f;
				_v1084 = _v1084 ^ 0x5b1a1bbe;
				_v1084 = _v1084 ^ 0x5a043b4e;
				_v1136 = 0x1276ee;
				_v1136 = _v1136 + 0xffffa0e4;
				_v1136 = _v1136 + 0xffff74bb;
				_v1136 = _v1136 << 2;
				_v1136 = _v1136 ^ 0x0044c443;
				_v1068 = 0xe79065;
				_v1068 = _v1068 << 0xc;
				_v1068 = _v1068 + 0xcbe6;
				_v1068 = _v1068 ^ 0x7908daa4;
				_v1088 = 0x9a4bed;
				_v1088 = _v1088 + 0xfffff274;
				_v1088 = _v1088 + 0xb36d;
				_v1088 = _v1088 ^ 0x00951f6d;
				_v1144 = 0x62e226;
				_v1144 = _v1144 ^ 0x3dd3a3b2;
				_v1144 = _v1144 >> 0xa;
				_v1144 = _v1144 + 0xffff6a42;
				_v1144 = _v1144 ^ 0x0008f37a;
				_v1108 = 0x394fd6;
				_v1108 = _v1108 * 0x13;
				_v1108 = _v1108 / _t313;
				_v1108 = _v1108 ^ 0x00080299;
				_v1120 = 0x93d07f;
				_v1120 = _v1120 << 0xa;
				_t314 = 5;
				_v1120 = _v1120 / _t314;
				_v1120 = _v1120 ^ 0x44bcf5d7;
				_v1120 = _v1120 ^ 0x4b68940f;
				_v1072 = 0xc1f636;
				_v1072 = _v1072 | 0x86bbf578;
				_t315 = 0x47;
				_v1072 = _v1072 * 0x24;
				_v1072 = _v1072 ^ 0xfb68157e;
				_v1080 = 0x3ac036;
				_v1080 = _v1080 + 0xffffbaa8;
				_v1080 = _v1080 ^ 0x136d94c6;
				_v1080 = _v1080 ^ 0x1353f0eb;
				_v1128 = 0xb3095e;
				_v1128 = _v1128 / _t315;
				_v1128 = _v1128 | 0xf7128eca;
				_v1128 = _v1128 >> 0xc;
				_v1128 = _v1128 ^ 0x0004e558;
				_v1076 = 0x73500f;
				_v1076 = _v1076 | 0x9d7bc413;
				_v1076 = _v1076 + 0xffff6f55;
				_v1076 = _v1076 ^ 0x9d72e045;
				_v1124 = 0xc98916;
				_v1124 = _v1124 + 0x2b72;
				_v1124 = _v1124 | 0x4777986b;
				_t316 = 0x69;
				_v1124 = _v1124 / _t316;
				_v1124 = _v1124 ^ 0x00ab5a68;
				_v1140 = 0xc8b3ea;
				_t317 = 0x7e;
				_v1140 = _v1140 / _t317;
				_v1140 = _v1140 | 0x89e2a6fa;
				_v1140 = _v1140 >> 4;
				_v1140 = _v1140 ^ 0x08902903;
				_v1092 = 0x846906;
				_v1092 = _v1092 | 0x1b02230c;
				_v1092 = _v1092 + 0xffff209e;
				_v1092 = _v1092 ^ 0x1b8bec31;
				_v1056 = 0xaf8c32;
				_t318 = 0x2e;
				_v1056 = _v1056 / _t318;
				_v1056 = _v1056 ^ 0x00017103;
				_v1060 = 0x7e9355;
				_v1060 = _v1060 >> 0x10;
				_v1060 = _v1060 ^ 0x0008a840;
				_v1112 = 0x76e6c0;
				_v1112 = _v1112 ^ 0x1858c3ee;
				_t319 = 0x68;
				_v1112 = _v1112 / _t319;
				_v1112 = _v1112 >> 7;
				_v1112 = _v1112 ^ 0x000255a3;
				do {
					while(_t277 != 0xc59040) {
						if(_t277 == 0x420aa66) {
							_push(_v1084);
							_push(_v1096);
							_push(_v1132);
							_t263 = E02BCE1F8(0x2bb1000, _v1116, __eflags);
							_t264 =  *0x2bd6214; // 0x0
							_t267 =  *0x2bd6214; // 0x0
							E02BD2D0A(_v1068, __eflags, _t267 + 0x23c, _v1088, _v1144, _v1108, 0x2bb1000,  &_v1040, _t264 + 0x34, _t263);
							E02BCFECB(_t263, _v1120, _v1072, _v1080, _v1128);
							_t322 =  &(_t322[0xe]);
							_t277 = 0x835dcf5;
							continue;
						} else {
							if(_t277 == 0x835dcf5) {
								_t273 = E02BC654A(_v1076, _v1124, __eflags,  &_v520, _v1140,  &_v1040);
								_t322 =  &(_t322[3]);
								__eflags = _t273;
								_t310 =  !=  ? 1 : _t310;
								_t277 = 0xb7cde49;
								continue;
							} else {
								if(_t277 == 0xb7cde49) {
									E02BC7A0F(_v1092,  &_v1040, _v1056, _v1060, _v1112);
								} else {
									if(_t277 != 0xe4a3d19) {
										goto L10;
									} else {
										_t277 = 0xc59040;
										continue;
									}
								}
							}
						}
						L13:
						return _t310;
					}
					E02BD0DB1(_v1100,  &_v520, __eflags, _v1104, _t277, _v1064);
					_t322 =  &(_t322[3]);
					_t277 = 0x420aa66;
					L10:
					__eflags = _t277 - 0xd159d29;
				} while (__eflags != 0);
				goto L13;
			}















































                                                                                                          0x02bcad08
                                                                                                          0x02bcad0e
                                                                                                          0x02bcad1c
                                                                                                          0x02bcad1e
                                                                                                          0x02bcad23
                                                                                                          0x02bcad27
                                                                                                          0x02bcad2b
                                                                                                          0x02bcad39
                                                                                                          0x02bcad3e
                                                                                                          0x02bcad44
                                                                                                          0x02bcad4c
                                                                                                          0x02bcad54
                                                                                                          0x02bcad5c
                                                                                                          0x02bcad64
                                                                                                          0x02bcad69
                                                                                                          0x02bcad71
                                                                                                          0x02bcad79
                                                                                                          0x02bcad81
                                                                                                          0x02bcad89
                                                                                                          0x02bcad91
                                                                                                          0x02bcad99
                                                                                                          0x02bcada1
                                                                                                          0x02bcada9
                                                                                                          0x02bcadb1
                                                                                                          0x02bcadb9
                                                                                                          0x02bcadc1
                                                                                                          0x02bcadc9
                                                                                                          0x02bcadd1
                                                                                                          0x02bcadd9
                                                                                                          0x02bcade1
                                                                                                          0x02bcaded
                                                                                                          0x02bcadf2
                                                                                                          0x02bcadf8
                                                                                                          0x02bcae00
                                                                                                          0x02bcae0d
                                                                                                          0x02bcae0e
                                                                                                          0x02bcae12
                                                                                                          0x02bcae1a
                                                                                                          0x02bcae22
                                                                                                          0x02bcae2a
                                                                                                          0x02bcae32
                                                                                                          0x02bcae3a
                                                                                                          0x02bcae3f
                                                                                                          0x02bcae47
                                                                                                          0x02bcae4f
                                                                                                          0x02bcae54
                                                                                                          0x02bcae5c
                                                                                                          0x02bcae64
                                                                                                          0x02bcae6c
                                                                                                          0x02bcae74
                                                                                                          0x02bcae7c
                                                                                                          0x02bcae84
                                                                                                          0x02bcae8c
                                                                                                          0x02bcae94
                                                                                                          0x02bcae99
                                                                                                          0x02bcaea1
                                                                                                          0x02bcaea9
                                                                                                          0x02bcaeb6
                                                                                                          0x02bcaec0
                                                                                                          0x02bcaec4
                                                                                                          0x02bcaecc
                                                                                                          0x02bcaed4
                                                                                                          0x02bcaee1
                                                                                                          0x02bcaee6
                                                                                                          0x02bcaeec
                                                                                                          0x02bcaef9
                                                                                                          0x02bcaf06
                                                                                                          0x02bcaf0e
                                                                                                          0x02bcaf1b
                                                                                                          0x02bcaf1e
                                                                                                          0x02bcaf22
                                                                                                          0x02bcaf2a
                                                                                                          0x02bcaf32
                                                                                                          0x02bcaf3a
                                                                                                          0x02bcaf42
                                                                                                          0x02bcaf4a
                                                                                                          0x02bcaf5a
                                                                                                          0x02bcaf5e
                                                                                                          0x02bcaf66
                                                                                                          0x02bcaf6b
                                                                                                          0x02bcaf73
                                                                                                          0x02bcaf7b
                                                                                                          0x02bcaf83
                                                                                                          0x02bcaf8b
                                                                                                          0x02bcaf93
                                                                                                          0x02bcaf9b
                                                                                                          0x02bcafa3
                                                                                                          0x02bcafaf
                                                                                                          0x02bcafb4
                                                                                                          0x02bcafba
                                                                                                          0x02bcafc2
                                                                                                          0x02bcafce
                                                                                                          0x02bcafd3
                                                                                                          0x02bcafd9
                                                                                                          0x02bcafe1
                                                                                                          0x02bcafe6
                                                                                                          0x02bcafee
                                                                                                          0x02bcaff6
                                                                                                          0x02bcaffe
                                                                                                          0x02bcb006
                                                                                                          0x02bcb00e
                                                                                                          0x02bcb01a
                                                                                                          0x02bcb01f
                                                                                                          0x02bcb025
                                                                                                          0x02bcb02d
                                                                                                          0x02bcb035
                                                                                                          0x02bcb03a
                                                                                                          0x02bcb042
                                                                                                          0x02bcb04a
                                                                                                          0x02bcb056
                                                                                                          0x02bcb059
                                                                                                          0x02bcb05d
                                                                                                          0x02bcb062
                                                                                                          0x02bcb06a
                                                                                                          0x02bcb06a
                                                                                                          0x02bcb074
                                                                                                          0x02bcb0ca
                                                                                                          0x02bcb0d3
                                                                                                          0x02bcb0d7
                                                                                                          0x02bcb0df
                                                                                                          0x02bcb0e9
                                                                                                          0x02bcb108
                                                                                                          0x02bcb11b
                                                                                                          0x02bcb135
                                                                                                          0x02bcb13a
                                                                                                          0x02bcb13d
                                                                                                          0x00000000
                                                                                                          0x02bcb076
                                                                                                          0x02bcb07c
                                                                                                          0x02bcb0b3
                                                                                                          0x02bcb0ba
                                                                                                          0x02bcb0be
                                                                                                          0x02bcb0c0
                                                                                                          0x02bcb0c3
                                                                                                          0x00000000
                                                                                                          0x02bcb07e
                                                                                                          0x02bcb084
                                                                                                          0x02bcb187
                                                                                                          0x02bcb08a
                                                                                                          0x02bcb090
                                                                                                          0x00000000
                                                                                                          0x02bcb096
                                                                                                          0x02bcb096
                                                                                                          0x00000000
                                                                                                          0x02bcb096
                                                                                                          0x02bcb090
                                                                                                          0x02bcb084
                                                                                                          0x02bcb07c
                                                                                                          0x02bcb18f
                                                                                                          0x02bcb19b
                                                                                                          0x02bcb19b
                                                                                                          0x02bcb15b
                                                                                                          0x02bcb160
                                                                                                          0x02bcb163
                                                                                                          0x02bcb165
                                                                                                          0x02bcb165
                                                                                                          0x02bcb165
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: &b$r+
                                                                                                          • API String ID: 0-3016113347
                                                                                                          • Opcode ID: 2b83b567998dcb8d047d0f78efcec2a34cd8b31e222f33218af2fb5502853377
                                                                                                          • Instruction ID: 990de2f47ab0808a3de8fd962d15173d6b608a6edf2a6e04acc98f275f9f2673
                                                                                                          • Opcode Fuzzy Hash: 2b83b567998dcb8d047d0f78efcec2a34cd8b31e222f33218af2fb5502853377
                                                                                                          • Instruction Fuzzy Hash: CDC142B15093409FC3A8CF66C98A90FFBE1FBD4758F108A5DF29686260D7B58949CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC4F74, Relevance: 2.7, Strings: 2, Instructions: 199COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02BC4F74() {
				char _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				short* _t210;
				void* _t211;
				intOrPtr _t213;
				void* _t217;
				intOrPtr _t224;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int* _t254;

				_t254 =  &_v604;
				_v528 = 0xeac4cc;
				_v528 = _v528 | 0xab847aec;
				_t217 = 0x3550051;
				_v528 = _v528 ^ 0xabe53c27;
				_v564 = 0x85ed10;
				_v564 = _v564 << 0xe;
				_v564 = _v564 | 0x02c2a82c;
				_v564 = _v564 ^ 0x7bc732f4;
				_v548 = 0x432dfc;
				_v548 = _v548 ^ 0x2e419a47;
				_v548 = _v548 ^ 0x2e0248f0;
				_v556 = 0x7b6619;
				_t246 = 0x1c;
				_v556 = _v556 / _t246;
				_v556 = _v556 << 0x10;
				_v556 = _v556 ^ 0x68371ab0;
				_v568 = 0x76f94b;
				_t247 = 7;
				_v568 = _v568 / _t247;
				_v568 = _v568 << 0xd;
				_v568 = _v568 ^ 0x1fed9d10;
				_v572 = 0x34fb4;
				_t248 = 0xf;
				_v572 = _v572 * 0x24;
				_v572 = _v572 >> 0xa;
				_v572 = _v572 ^ 0x0007943f;
				_v536 = 0xc9a576;
				_v536 = _v536 + 0xffff9d44;
				_v536 = _v536 ^ 0x00c7b609;
				_v596 = 0xae9ff5;
				_v596 = _v596 + 0xffff6f16;
				_v596 = _v596 / _t248;
				_v596 = _v596 ^ 0xfe5a1390;
				_v596 = _v596 ^ 0xfe515394;
				_v588 = 0xa8ac90;
				_t249 = 0x17;
				_v588 = _v588 / _t249;
				_v588 = _v588 << 4;
				_v588 = _v588 + 0xfffff77b;
				_v588 = _v588 ^ 0x007f9eed;
				_v600 = 0xc58072;
				_v600 = _v600 + 0xffffcbc9;
				_v600 = _v600 << 4;
				_v600 = _v600 * 0x72;
				_v600 = _v600 ^ 0x7db93259;
				_v604 = 0x4fbb0c;
				_v604 = _v604 << 0xa;
				_v604 = _v604 << 7;
				_v604 = _v604 * 0x27;
				_v604 = _v604 ^ 0xfda02730;
				_v544 = 0x5fc89d;
				_v544 = _v544 | 0x6496792e;
				_v544 = _v544 ^ 0x64dc06aa;
				_v580 = 0xa4bd54;
				_v580 = _v580 + 0xffff47e7;
				_v580 = _v580 >> 0x10;
				_v580 = _v580 + 0xffff9f11;
				_v580 = _v580 ^ 0xfff905b7;
				_v560 = 0x8ec0a6;
				_v560 = _v560 ^ 0x51bd2871;
				_t250 = 0x75;
				_v560 = _v560 / _t250;
				_v560 = _v560 ^ 0x00b97c8d;
				_v584 = 0x6990b8;
				_v584 = _v584 ^ 0x9d650ba3;
				_v584 = _v584 ^ 0x6675860f;
				_v584 = _v584 + 0xffff1bcf;
				_v584 = _v584 ^ 0xfb748c23;
				_v592 = 0xef0f92;
				_v592 = _v592 ^ 0x945975ed;
				_v592 = _v592 + 0xffff8646;
				_v592 = _v592 + 0xfffff2e1;
				_v592 = _v592 ^ 0x94bb4d80;
				_v552 = 0xcb75d7;
				_t251 = 0x65;
				_v552 = _v552 * 0x6f;
				_v552 = _v552 ^ 0xe1e1c84b;
				_v552 = _v552 ^ 0xb9d9c47b;
				_v576 = 0x1cf321;
				_v576 = _v576 + 0xffffc0e0;
				_v576 = _v576 >> 0x10;
				_v576 = _v576 << 7;
				_v576 = _v576 ^ 0x000d9bab;
				_v532 = 0x45ea0d;
				_v532 = _v532 / _t251;
				_v532 = _v532 ^ 0x000fbf52;
				_v540 = 0x89573e;
				_v540 = _v540 + 0xffffd980;
				_v540 = _v540 ^ 0x008ac7ea;
				do {
					while(_t217 != 0x2095a83) {
						if(_t217 == 0x3550051) {
							_t217 = 0xca1b903;
							continue;
						} else {
							if(_t217 == 0xba5f136) {
								_t210 = E02BC09DD(_v560,  &_v524, _v584, _v592);
								 *_t210 = 0;
								_t217 = 0x2095a83;
								continue;
							} else {
								_t260 = _t217 - 0xca1b903;
								if(_t217 == 0xca1b903) {
									_push(_v556);
									_push(_v548);
									_push(_v564);
									_t211 = E02BCE1F8(0x2bb1000, _v528, _t260);
									_t224 =  *0x2bd6214; // 0x0
									_t213 =  *0x2bd6214; // 0x0
									E02BD2D0A(_v572, _t260, _t213 + 0x23c, _v536, _v596, _v588, _t224 + 0x34,  &_v524, _t224 + 0x34, _t211);
									_t210 = E02BCFECB(_t211, _v600, _v604, _v544, _v580);
									_t254 =  &(_t254[0xe]);
									_t217 = 0xba5f136;
									continue;
								}
							}
						}
						goto L9;
					}
					E02BC437A(E02BCBEFD, _v552, _v576, _v532, _v540, 0,  &_v524,  &_v524);
					_t254 =  &(_t254[6]);
					_t217 = 0x9325c58;
					L9:
					__eflags = _t217 - 0x9325c58;
				} while (__eflags != 0);
				return _t210;
			}




































                                                                                                          0x02bc4f74
                                                                                                          0x02bc4f7a
                                                                                                          0x02bc4f84
                                                                                                          0x02bc4f8c
                                                                                                          0x02bc4f91
                                                                                                          0x02bc4f99
                                                                                                          0x02bc4fa1
                                                                                                          0x02bc4fa6
                                                                                                          0x02bc4fae
                                                                                                          0x02bc4fb6
                                                                                                          0x02bc4fbe
                                                                                                          0x02bc4fc6
                                                                                                          0x02bc4fce
                                                                                                          0x02bc4fe0
                                                                                                          0x02bc4fe5
                                                                                                          0x02bc4feb
                                                                                                          0x02bc4ff0
                                                                                                          0x02bc4ff8
                                                                                                          0x02bc5004
                                                                                                          0x02bc5009
                                                                                                          0x02bc500f
                                                                                                          0x02bc5014
                                                                                                          0x02bc501c
                                                                                                          0x02bc5029
                                                                                                          0x02bc502c
                                                                                                          0x02bc5030
                                                                                                          0x02bc5035
                                                                                                          0x02bc503d
                                                                                                          0x02bc5045
                                                                                                          0x02bc504d
                                                                                                          0x02bc5055
                                                                                                          0x02bc505d
                                                                                                          0x02bc506d
                                                                                                          0x02bc5071
                                                                                                          0x02bc5079
                                                                                                          0x02bc5081
                                                                                                          0x02bc508d
                                                                                                          0x02bc5090
                                                                                                          0x02bc5094
                                                                                                          0x02bc5099
                                                                                                          0x02bc50a1
                                                                                                          0x02bc50a9
                                                                                                          0x02bc50b1
                                                                                                          0x02bc50b9
                                                                                                          0x02bc50c3
                                                                                                          0x02bc50c7
                                                                                                          0x02bc50cf
                                                                                                          0x02bc50d7
                                                                                                          0x02bc50dc
                                                                                                          0x02bc50e6
                                                                                                          0x02bc50ea
                                                                                                          0x02bc50f2
                                                                                                          0x02bc50fa
                                                                                                          0x02bc5102
                                                                                                          0x02bc510a
                                                                                                          0x02bc5112
                                                                                                          0x02bc511a
                                                                                                          0x02bc511f
                                                                                                          0x02bc5127
                                                                                                          0x02bc512f
                                                                                                          0x02bc5139
                                                                                                          0x02bc5151
                                                                                                          0x02bc5156
                                                                                                          0x02bc515c
                                                                                                          0x02bc5169
                                                                                                          0x02bc5171
                                                                                                          0x02bc5179
                                                                                                          0x02bc5181
                                                                                                          0x02bc5189
                                                                                                          0x02bc5191
                                                                                                          0x02bc5199
                                                                                                          0x02bc51a1
                                                                                                          0x02bc51a9
                                                                                                          0x02bc51b1
                                                                                                          0x02bc51b9
                                                                                                          0x02bc51c6
                                                                                                          0x02bc51c7
                                                                                                          0x02bc51cb
                                                                                                          0x02bc51d3
                                                                                                          0x02bc51db
                                                                                                          0x02bc51e3
                                                                                                          0x02bc51eb
                                                                                                          0x02bc51f0
                                                                                                          0x02bc51f5
                                                                                                          0x02bc51fd
                                                                                                          0x02bc520b
                                                                                                          0x02bc520f
                                                                                                          0x02bc5217
                                                                                                          0x02bc521f
                                                                                                          0x02bc5227
                                                                                                          0x02bc522f
                                                                                                          0x02bc522f
                                                                                                          0x02bc523d
                                                                                                          0x02bc52f2
                                                                                                          0x00000000
                                                                                                          0x02bc5243
                                                                                                          0x02bc5249
                                                                                                          0x02bc52df
                                                                                                          0x02bc52e8
                                                                                                          0x02bc52eb
                                                                                                          0x00000000
                                                                                                          0x02bc524f
                                                                                                          0x02bc524f
                                                                                                          0x02bc5251
                                                                                                          0x02bc5257
                                                                                                          0x02bc5260
                                                                                                          0x02bc5264
                                                                                                          0x02bc526c
                                                                                                          0x02bc5271
                                                                                                          0x02bc5293
                                                                                                          0x02bc52a6
                                                                                                          0x02bc52bd
                                                                                                          0x02bc52c2
                                                                                                          0x02bc52c5
                                                                                                          0x00000000
                                                                                                          0x02bc52c5
                                                                                                          0x02bc5251
                                                                                                          0x02bc5249
                                                                                                          0x00000000
                                                                                                          0x02bc523d
                                                                                                          0x02bc5316
                                                                                                          0x02bc531b
                                                                                                          0x02bc531e
                                                                                                          0x02bc5320
                                                                                                          0x02bc5320
                                                                                                          0x02bc5320
                                                                                                          0x02bc5332

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: E$X\2
                                                                                                          • API String ID: 0-703089088
                                                                                                          • Opcode ID: 685699b3ad6d602cf31eb137683af1496da4ed1a9df54a197e86d079ffedc4c1
                                                                                                          • Instruction ID: 7e47808318d04e6976d2912d21b5d16087f6a221be9742403f184599a3f4fcf2
                                                                                                          • Opcode Fuzzy Hash: 685699b3ad6d602cf31eb137683af1496da4ed1a9df54a197e86d079ffedc4c1
                                                                                                          • Instruction Fuzzy Hash: C59122715083809FC368CF25D88951BBBE2FBC53A8F604A1DF2D696260D3B19A49CF47
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBDE74, Relevance: 2.7, Strings: 2, Instructions: 193COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02BBDE74() {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _t162;
				intOrPtr _t166;
				intOrPtr _t168;
				void* _t169;
				signed int _t171;
				signed int _t172;
				intOrPtr _t196;
				void* _t201;
				char _t202;
				signed int* _t203;
				void* _t205;

				_t203 =  &_v92;
				_v48 = 0x569f20;
				_v48 = _v48 * 0x6b;
				_t169 = 0;
				_v48 = _v48 ^ 0x2435b753;
				_t201 = 0xa773912;
				_v36 = 0xa39ca1;
				_v36 = _v36 + 0xffff508a;
				_v36 = _v36 ^ 0x00aa5884;
				_v84 = 0x943e6a;
				_v84 = _v84 >> 0xa;
				_v84 = _v84 + 0x5d77;
				_t171 = 0x78;
				_v84 = _v84 * 0xe;
				_v84 = _v84 ^ 0x0005cfbb;
				_v72 = 0x1e0d0a;
				_v72 = _v72 | 0x4cfb6fde;
				_v72 = _v72 + 0xffff94ff;
				_v72 = _v72 ^ 0x4cfa3edf;
				_v80 = 0xa086f6;
				_v80 = _v80 << 0x10;
				_v80 = _v80 >> 5;
				_v80 = _v80 + 0xffff18d5;
				_v80 = _v80 ^ 0x0432d7e2;
				_v68 = 0xb8dd27;
				_v68 = _v68 | 0xebb7bfbf;
				_v68 = _v68 ^ 0xebb8c1a9;
				_v32 = 0x418b74;
				_v32 = _v32 * 0x7e;
				_v32 = _v32 ^ 0x2049f6fa;
				_v64 = 0x577cf5;
				_v64 = _v64 * 0x64;
				_v64 = _v64 / _t171;
				_v64 = _v64 ^ 0x004a237d;
				_v76 = 0x4c7ee;
				_v76 = _v76 ^ 0x14a6b669;
				_v76 = _v76 << 4;
				_v76 = _v76 ^ 0x4a231390;
				_v44 = 0xd26523;
				_v44 = _v44 | 0x7504cc1f;
				_v44 = _v44 ^ 0x75d3d950;
				_v88 = 0x7e3e67;
				_v88 = _v88 >> 5;
				_v88 = _v88 + 0xfffffc49;
				_v88 = _v88 >> 0x10;
				_v88 = _v88 ^ 0x000c6abf;
				_v40 = 0x647ef6;
				_v40 = _v40 >> 7;
				_v40 = _v40 ^ 0x00028bbb;
				_v92 = 0x531e5a;
				_v92 = _v92 << 8;
				_v92 = _v92 | 0xbedf5cfb;
				_v92 = _v92 ^ 0xffdbb821;
				_v52 = 0xaf5b7e;
				_v52 = _v52 ^ 0x54b2eb64;
				_v52 = _v52 >> 3;
				_v52 = _v52 ^ 0x0a8e907d;
				_v56 = 0x7e69cb;
				_t172 = 0x76;
				_v56 = _v56 / _t172;
				_v56 = _v56 + 0xffff7440;
				_v56 = _v56 ^ 0x00047804;
				_v60 = 0x4d1deb;
				_v60 = _v60 | 0x7db56f6d;
				_v60 = _v60 + 0xffff2308;
				_v60 = _v60 ^ 0x7dffdcf4;
				_t200 = _v28;
				_t202 = _v28;
				goto L1;
				do {
					while(1) {
						L1:
						_t205 = _t201 - 0xa773912;
						if(_t205 > 0) {
							break;
						}
						if(_t205 == 0) {
							_t201 = 0xa19a195;
							continue;
						}
						if(_t201 == 0x6df88bf) {
							E02BB54B6(_v52, _v56, _v60, _t200);
							L25:
							return _t169;
						}
						if(_t201 == 0x82168a7) {
							E02BD2B09(_v88, _v24, _v40, _v92);
							_t201 = 0x6df88bf;
							continue;
						}
						if(_t201 == 0x88022e2) {
							_t196 =  *0x2bd6214; // 0x0
							E02BCE0F2(_v8 + 1, _t196 + 0x23c, _v76, _v44, _v12);
							_t162 =  *0x2bd6214; // 0x0
							_t203 =  &(_t203[3]);
							_t169 = 1;
							_t201 = 0x82168a7;
							 *((intOrPtr*)(_t162 + 0x24)) = _v16;
							continue;
						}
						if(_t201 != 0xa19a195) {
							goto L22;
						} else {
							_t202 = E02BBC307();
							_t201 = 0xf928839;
							continue;
						}
					}
					if(_t201 == 0xbfd8a94) {
						if(E02BBE640(_v32, _v64,  &_v24,  &_v16) == 0) {
							_t201 = 0x82168a7;
							goto L22;
						}
						_t201 = 0x88022e2;
						goto L1;
					}
					if(_t201 == 0xeffcd22) {
						_t201 = 0x6df88bf;
						if(_v28 > 2) {
							_t166 = E02BCF840( *((intOrPtr*)(_t200 + 8)), _v80,  &_v20, _v68);
							_v24 = _t166;
							if(_t166 != 0) {
								_t201 = 0xbfd8a94;
							}
						}
						goto L1;
					}
					if(_t201 != 0xf928839) {
						goto L22;
					}
					_t168 = E02BC8C7D(_t202, _v36,  &_v28, _v84, _v72);
					_t200 = _t168;
					_t203 =  &(_t203[3]);
					if(_t168 == 0) {
						goto L25;
					}
					_t201 = 0xeffcd22;
					goto L1;
					L22:
				} while (_t201 != 0x8019399);
				goto L25;
			}




































                                                                                                          0x02bbde74
                                                                                                          0x02bbde77
                                                                                                          0x02bbde8a
                                                                                                          0x02bbde8e
                                                                                                          0x02bbde90
                                                                                                          0x02bbde98
                                                                                                          0x02bbde9d
                                                                                                          0x02bbdea5
                                                                                                          0x02bbdead
                                                                                                          0x02bbdeb5
                                                                                                          0x02bbdebd
                                                                                                          0x02bbdec2
                                                                                                          0x02bbded1
                                                                                                          0x02bbded4
                                                                                                          0x02bbded8
                                                                                                          0x02bbdee0
                                                                                                          0x02bbdee8
                                                                                                          0x02bbdef0
                                                                                                          0x02bbdef8
                                                                                                          0x02bbdf00
                                                                                                          0x02bbdf08
                                                                                                          0x02bbdf0d
                                                                                                          0x02bbdf12
                                                                                                          0x02bbdf1a
                                                                                                          0x02bbdf22
                                                                                                          0x02bbdf2a
                                                                                                          0x02bbdf32
                                                                                                          0x02bbdf3a
                                                                                                          0x02bbdf47
                                                                                                          0x02bbdf4b
                                                                                                          0x02bbdf53
                                                                                                          0x02bbdf60
                                                                                                          0x02bbdf6c
                                                                                                          0x02bbdf70
                                                                                                          0x02bbdf78
                                                                                                          0x02bbdf80
                                                                                                          0x02bbdf88
                                                                                                          0x02bbdf8d
                                                                                                          0x02bbdf95
                                                                                                          0x02bbdf9d
                                                                                                          0x02bbdfa5
                                                                                                          0x02bbdfad
                                                                                                          0x02bbdfb5
                                                                                                          0x02bbdfba
                                                                                                          0x02bbdfc2
                                                                                                          0x02bbdfc7
                                                                                                          0x02bbdfcf
                                                                                                          0x02bbdfd7
                                                                                                          0x02bbdfdc
                                                                                                          0x02bbdfe4
                                                                                                          0x02bbdfec
                                                                                                          0x02bbdff1
                                                                                                          0x02bbdff9
                                                                                                          0x02bbe001
                                                                                                          0x02bbe009
                                                                                                          0x02bbe011
                                                                                                          0x02bbe016
                                                                                                          0x02bbe01e
                                                                                                          0x02bbe02a
                                                                                                          0x02bbe02d
                                                                                                          0x02bbe031
                                                                                                          0x02bbe039
                                                                                                          0x02bbe041
                                                                                                          0x02bbe049
                                                                                                          0x02bbe051
                                                                                                          0x02bbe059
                                                                                                          0x02bbe061
                                                                                                          0x02bbe065
                                                                                                          0x02bbe065
                                                                                                          0x02bbe069
                                                                                                          0x02bbe069
                                                                                                          0x02bbe069
                                                                                                          0x02bbe069
                                                                                                          0x02bbe06f
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bbe075
                                                                                                          0x02bbe116
                                                                                                          0x00000000
                                                                                                          0x02bbe116
                                                                                                          0x02bbe081
                                                                                                          0x02bbe1f3
                                                                                                          0x02bbe1fd
                                                                                                          0x02bbe203
                                                                                                          0x02bbe203
                                                                                                          0x02bbe08d
                                                                                                          0x02bbe105
                                                                                                          0x02bbe10c
                                                                                                          0x00000000
                                                                                                          0x02bbe10c
                                                                                                          0x02bbe095
                                                                                                          0x02bbe0c1
                                                                                                          0x02bbe0d4
                                                                                                          0x02bbe0d9
                                                                                                          0x02bbe0e4
                                                                                                          0x02bbe0e7
                                                                                                          0x02bbe0e8
                                                                                                          0x02bbe0ed
                                                                                                          0x00000000
                                                                                                          0x02bbe0ed
                                                                                                          0x02bbe09d
                                                                                                          0x00000000
                                                                                                          0x02bbe0a3
                                                                                                          0x02bbe0ac
                                                                                                          0x02bbe0ae
                                                                                                          0x00000000
                                                                                                          0x02bbe0ae
                                                                                                          0x02bbe09d
                                                                                                          0x02bbe126
                                                                                                          0x02bbe1c7
                                                                                                          0x02bbe1d3
                                                                                                          0x00000000
                                                                                                          0x02bbe1d3
                                                                                                          0x02bbe1c9
                                                                                                          0x00000000
                                                                                                          0x02bbe1c9
                                                                                                          0x02bbe132
                                                                                                          0x02bbe174
                                                                                                          0x02bbe179
                                                                                                          0x02bbe18f
                                                                                                          0x02bbe194
                                                                                                          0x02bbe19c
                                                                                                          0x02bbe1a2
                                                                                                          0x02bbe1a2
                                                                                                          0x02bbe19c
                                                                                                          0x00000000
                                                                                                          0x02bbe179
                                                                                                          0x02bbe13a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bbe153
                                                                                                          0x02bbe158
                                                                                                          0x02bbe15a
                                                                                                          0x02bbe15f
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bbe165
                                                                                                          0x00000000
                                                                                                          0x02bbe1d8
                                                                                                          0x02bbe1d8
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: g>~$}#J
                                                                                                          • API String ID: 0-4030106083
                                                                                                          • Opcode ID: bfdeba6506371b0fefd221a5c29ed6256478935c34621311e22416aa8b0c9208
                                                                                                          • Instruction ID: 69de4c926d7c0e9bc6b8f1a43a10c4263d0b9eda21e9ef9ee3ac88116dbb2e70
                                                                                                          • Opcode Fuzzy Hash: bfdeba6506371b0fefd221a5c29ed6256478935c34621311e22416aa8b0c9208
                                                                                                          • Instruction Fuzzy Hash: 9D9155718083418FC759CF25C4854ABFBE1BF84358F904A6EF89A97260C3B5DA49CF86
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBE7DE, Relevance: 2.7, Strings: 2, Instructions: 191COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02BBE7DE(void* __ecx, void* __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				unsigned int _v124;
				signed int _v128;
				void* _t159;
				signed int _t180;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				void* _t194;
				signed int* _t212;
				signed int* _t215;

				_t212 = _a8;
				_push(_a12);
				_t211 = _a4;
				_push(_t212);
				_push(_a4);
				_push(__ecx);
				E02BCFE29(_t159);
				_v88 = 0xa74a92;
				_t215 =  &(( &_v128)[5]);
				_v88 = _v88 + 0x6289;
				_v88 = _v88 ^ 0x00a7ad1b;
				_t194 = 0x98d5ac6;
				_v72 = 0xabb696;
				_v72 = _v72 + 0xffffe542;
				_v72 = _v72 ^ 0x00a9fc0a;
				_v120 = 0x8dd565;
				_v120 = _v120 + 0xffff1d47;
				_v120 = _v120 + 0x56a1;
				_v120 = _v120 << 7;
				_v120 = _v120 ^ 0x46a17a82;
				_v124 = 0x8aacb4;
				_t189 = 0x6e;
				_v124 = _v124 / _t189;
				_v124 = _v124 >> 9;
				_v124 = _v124 >> 1;
				_v124 = _v124 ^ 0x000ba54e;
				_v76 = 0x9f90a6;
				_v76 = _v76 | 0x682faec6;
				_v76 = _v76 ^ 0x68b53021;
				_v80 = 0xfbe8ab;
				_v80 = _v80 << 0xc;
				_v80 = _v80 ^ 0xbe8fb9cd;
				_v84 = 0x1efa1;
				_v84 = _v84 >> 3;
				_v84 = _v84 ^ 0x0009eae4;
				_v92 = 0xb2d03c;
				_v92 = _v92 ^ 0x8bcf93b7;
				_v92 = _v92 ^ 0x8b76d684;
				_v100 = 0x2cdd15;
				_v100 = _v100 << 2;
				_v100 = _v100 ^ 0x00bdfcd6;
				_v104 = 0x2a00e4;
				_v104 = _v104 | 0x603c2e46;
				_v104 = _v104 + 0xffff11ee;
				_v104 = _v104 ^ 0x6032c829;
				_v128 = 0xd0d9f9;
				_v128 = _v128 + 0x4e1d;
				_t190 = 0x14;
				_v128 = _v128 * 0x58;
				_v128 = _v128 / _t190;
				_v128 = _v128 ^ 0x0398a77e;
				_v68 = 0x2cfb4c;
				_t191 = 0x67;
				_v68 = _v68 / _t191;
				_v68 = _v68 ^ 0x000f6b94;
				_v112 = 0x1ddb62;
				_v112 = _v112 + 0x6002;
				_v112 = _v112 << 2;
				_v112 = _v112 + 0xe88d;
				_v112 = _v112 ^ 0x0072622d;
				_v116 = 0x4c27f5;
				_v116 = _v116 >> 0xb;
				_v116 = _v116 | 0x0ee4ea1c;
				_v116 = _v116 * 0x4e;
				_v116 = _v116 ^ 0x89b93018;
				_v108 = 0x73a5e7;
				_v108 = _v108 * 0x7d;
				_v108 = _v108 >> 1;
				_v108 = _v108 << 8;
				_v108 = _v108 ^ 0x3c03dbf2;
				_v64 = 0x20f8;
				_v64 = _v64 >> 0xe;
				_v64 = _v64 ^ 0x0009aa09;
				_v96 = 0x5991b1;
				_v96 = _v96 | 0x807a0890;
				_v96 = _v96 << 3;
				_v96 = _v96 ^ 0x03d0ebbf;
				do {
					while(_t194 != 0x8b4e35) {
						if(_t194 == 0x2701dd5) {
							E02BCCAD5(_v68, _v112, __eflags, _v116, _t211,  &_v60);
							_t215 =  &(_t215[3]);
							_t194 = 0x8b4e35;
							continue;
						} else {
							if(_t194 == 0x3d33b80) {
								_push(_t194);
								_push(_t194);
								_t180 = E02BBC5D8(_t212[1]);
								_t215 =  &(_t215[3]);
								 *_t212 = _t180;
								__eflags = _t180;
								if(__eflags != 0) {
									_t194 = 0x48381f5;
									continue;
								}
							} else {
								if(_t194 == 0x48381f5) {
									E02BB22A6(_t212, _v80,  &_v60, _v84);
									_t215 =  &(_t215[2]);
									_t194 = 0xae51dd8;
									continue;
								} else {
									if(_t194 == 0x62374bf) {
										_t212[1] = E02BC5333(_t211);
										_t194 = 0x3d33b80;
										continue;
									} else {
										if(_t194 == 0x98d5ac6) {
											_t194 = 0x62374bf;
											 *_t212 =  *_t212 & 0x00000000;
											_t212[1] = _v88;
											continue;
										} else {
											if(_t194 != 0xae51dd8) {
												goto L16;
											} else {
												E02BC0A90(_v92, _v100, _v104,  &_v60, _v128,  *((intOrPtr*)(_t211 + 0x20)));
												_t215 =  &(_t215[4]);
												_t194 = 0x2701dd5;
												continue;
											}
										}
									}
								}
							}
						}
						goto L17;
					}
					E02BCCAD5(_v108, _v64, __eflags, _v96, _t211 + 0x18,  &_v60);
					_t215 =  &(_t215[3]);
					_t194 = 0x462b9b2;
					L16:
					__eflags = _t194 - 0x462b9b2;
				} while (__eflags != 0);
				L17:
				__eflags =  *_t212;
				_t158 =  *_t212 != 0;
				__eflags = _t158;
				return 0 | _t158;
			}





























                                                                                                          0x02bbe7e7
                                                                                                          0x02bbe7ef
                                                                                                          0x02bbe7f6
                                                                                                          0x02bbe7fd
                                                                                                          0x02bbe7fe
                                                                                                          0x02bbe800
                                                                                                          0x02bbe801
                                                                                                          0x02bbe806
                                                                                                          0x02bbe80e
                                                                                                          0x02bbe811
                                                                                                          0x02bbe81b
                                                                                                          0x02bbe823
                                                                                                          0x02bbe828
                                                                                                          0x02bbe830
                                                                                                          0x02bbe838
                                                                                                          0x02bbe840
                                                                                                          0x02bbe848
                                                                                                          0x02bbe850
                                                                                                          0x02bbe858
                                                                                                          0x02bbe85d
                                                                                                          0x02bbe865
                                                                                                          0x02bbe873
                                                                                                          0x02bbe878
                                                                                                          0x02bbe87e
                                                                                                          0x02bbe883
                                                                                                          0x02bbe887
                                                                                                          0x02bbe88f
                                                                                                          0x02bbe897
                                                                                                          0x02bbe89f
                                                                                                          0x02bbe8a7
                                                                                                          0x02bbe8af
                                                                                                          0x02bbe8b4
                                                                                                          0x02bbe8bc
                                                                                                          0x02bbe8c4
                                                                                                          0x02bbe8c9
                                                                                                          0x02bbe8d1
                                                                                                          0x02bbe8d9
                                                                                                          0x02bbe8e1
                                                                                                          0x02bbe8e9
                                                                                                          0x02bbe8f9
                                                                                                          0x02bbe8fe
                                                                                                          0x02bbe906
                                                                                                          0x02bbe90e
                                                                                                          0x02bbe916
                                                                                                          0x02bbe91e
                                                                                                          0x02bbe926
                                                                                                          0x02bbe92e
                                                                                                          0x02bbe93b
                                                                                                          0x02bbe93e
                                                                                                          0x02bbe94a
                                                                                                          0x02bbe94e
                                                                                                          0x02bbe956
                                                                                                          0x02bbe962
                                                                                                          0x02bbe965
                                                                                                          0x02bbe969
                                                                                                          0x02bbe971
                                                                                                          0x02bbe979
                                                                                                          0x02bbe981
                                                                                                          0x02bbe986
                                                                                                          0x02bbe98e
                                                                                                          0x02bbe996
                                                                                                          0x02bbe99e
                                                                                                          0x02bbe9a8
                                                                                                          0x02bbe9ba
                                                                                                          0x02bbe9be
                                                                                                          0x02bbe9c6
                                                                                                          0x02bbe9d3
                                                                                                          0x02bbe9d7
                                                                                                          0x02bbe9db
                                                                                                          0x02bbe9e0
                                                                                                          0x02bbe9e8
                                                                                                          0x02bbe9f0
                                                                                                          0x02bbe9f5
                                                                                                          0x02bbe9fd
                                                                                                          0x02bbea05
                                                                                                          0x02bbea0d
                                                                                                          0x02bbea12
                                                                                                          0x02bbea1a
                                                                                                          0x02bbea1a
                                                                                                          0x02bbea2c
                                                                                                          0x02bbeb00
                                                                                                          0x02bbeb05
                                                                                                          0x02bbeb08
                                                                                                          0x00000000
                                                                                                          0x02bbea32
                                                                                                          0x02bbea38
                                                                                                          0x02bbead4
                                                                                                          0x02bbead5
                                                                                                          0x02bbead9
                                                                                                          0x02bbeade
                                                                                                          0x02bbeae1
                                                                                                          0x02bbeae3
                                                                                                          0x02bbeae5
                                                                                                          0x02bbeae7
                                                                                                          0x00000000
                                                                                                          0x02bbeae7
                                                                                                          0x02bbea3e
                                                                                                          0x02bbea40
                                                                                                          0x02bbeab2
                                                                                                          0x02bbeab7
                                                                                                          0x02bbeaba
                                                                                                          0x00000000
                                                                                                          0x02bbea42
                                                                                                          0x02bbea44
                                                                                                          0x02bbea96
                                                                                                          0x02bbea99
                                                                                                          0x00000000
                                                                                                          0x02bbea46
                                                                                                          0x02bbea4c
                                                                                                          0x02bbea85
                                                                                                          0x02bbea87
                                                                                                          0x02bbea8a
                                                                                                          0x00000000
                                                                                                          0x02bbea4e
                                                                                                          0x02bbea54
                                                                                                          0x00000000
                                                                                                          0x02bbea5a
                                                                                                          0x02bbea72
                                                                                                          0x02bbea77
                                                                                                          0x02bbea7a
                                                                                                          0x00000000
                                                                                                          0x02bbea7a
                                                                                                          0x02bbea54
                                                                                                          0x02bbea4c
                                                                                                          0x02bbea44
                                                                                                          0x02bbea40
                                                                                                          0x02bbea38
                                                                                                          0x00000000
                                                                                                          0x02bbea2c
                                                                                                          0x02bbeb27
                                                                                                          0x02bbeb2c
                                                                                                          0x02bbeb2f
                                                                                                          0x02bbeb34
                                                                                                          0x02bbeb34
                                                                                                          0x02bbeb34
                                                                                                          0x02bbeb40
                                                                                                          0x02bbeb42
                                                                                                          0x02bbeb47
                                                                                                          0x02bbeb47
                                                                                                          0x02bbeb51

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: -br$F.<`
                                                                                                          • API String ID: 0-3678315648
                                                                                                          • Opcode ID: eaec14a4876c9c72c20777f37d81c5f73ce4be34e10a3d9202af31a534b2139e
                                                                                                          • Instruction ID: 536d3fdd73ac2daf92f0bc1c5baf9a4f764ca7a1db4096b4a526ba7873525717
                                                                                                          • Opcode Fuzzy Hash: eaec14a4876c9c72c20777f37d81c5f73ce4be34e10a3d9202af31a534b2139e
                                                                                                          • Instruction Fuzzy Hash: DA9151B15083419FC359CF60C98996BBBE5FF95748F40891DF68696260D3B1DA48CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC654A, Relevance: 2.7, Strings: 2, Instructions: 157COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 91%
                                                                                                          			E02BC654A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				short _v88;
				char* _v92;
				char* _v96;
				signed int _v100;
				char _v104;
				char _v624;
				char _v1144;
				void* _t168;
				signed int _t200;
				signed int _t204;
				signed int _t205;
				signed int _t206;

				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t168);
				_v48 = 0xcd00f6;
				_v48 = _v48 + 0xcd83;
				_v48 = _v48 ^ 0x09b3856c;
				_v48 = _v48 ^ 0x097e4b14;
				_v68 = 0x47ecc1;
				_v68 = _v68 >> 0xf;
				_v68 = _v68 ^ 0x0000069b;
				_v56 = 0x5623e4;
				_t204 = 0x5e;
				_v56 = _v56 * 0x5b;
				_v56 = _v56 >> 2;
				_v56 = _v56 ^ 0x07a7b883;
				_v60 = 0x9f93bd;
				_v60 = _v60 ^ 0x1b2b58cc;
				_v60 = _v60 ^ 0x1bb3b428;
				_v36 = 0x1947a4;
				_v36 = _v36 | 0x7bdfb0e1;
				_v36 = _v36 ^ 0x7bdfc232;
				_v52 = 0x76ccb;
				_v52 = _v52 * 0x2b;
				_v52 = _v52 ^ 0x7f6a3668;
				_v52 = _v52 ^ 0x7e52560e;
				_v24 = 0x419396;
				_v24 = _v24 / _t204;
				_t205 = 0x46;
				_v24 = _v24 * 0x57;
				_v24 = _v24 ^ 0x845af85c;
				_v24 = _v24 ^ 0x84646483;
				_v16 = 0xd7b9b6;
				_v16 = _v16 >> 6;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 << 0xa;
				_v16 = _v16 ^ 0x000408e3;
				_v44 = 0x89b89f;
				_v44 = _v44 * 0x1b;
				_v44 = _v44 / _t205;
				_v44 = _v44 ^ 0x00329adc;
				_v40 = 0x7c911;
				_v40 = _v40 >> 0xe;
				_v40 = _v40 | 0x9fb7bc96;
				_v40 = _v40 ^ 0x9fbb58de;
				_v32 = 0x2960c2;
				_v32 = _v32 >> 0xd;
				_t206 = 0x3b;
				_v32 = _v32 * 0x6a;
				_v32 = _v32 ^ 0x000737d7;
				_v8 = 0x50758c;
				_v8 = _v8 * 0x1a;
				_v8 = _v8 / _t206;
				_v8 = _v8 + 0xffffa1a5;
				_v8 = _v8 ^ 0x002c6c3d;
				_v72 = 0xae2241;
				_v72 = _v72 >> 6;
				_v72 = _v72 ^ 0x0004039d;
				_v28 = 0x59a91e;
				_v28 = _v28 * 0x35;
				_v28 = _v28 >> 0xe;
				_v28 = _v28 + 0x675a;
				_v28 = _v28 ^ 0x00026f30;
				_v64 = 0xf7748e;
				_v64 = _v64 * 0x37;
				_v64 = _v64 ^ 0x3526d747;
				_v20 = 0x936b67;
				_v20 = _v20 + 0xffff21a6;
				_v20 = _v20 + 0x6733;
				_v20 = _v20 >> 2;
				_v20 = _v20 ^ 0x0025db68;
				_v12 = 0x60291e;
				_v12 = _v12 + 0xffffd016;
				_v12 = _v12 << 9;
				_v12 = _v12 + 0xffff2f3b;
				_v12 = _v12 ^ 0xbff2968b;
				E02BCFE2A(_v60, _v36, 0x1e,  &_v104);
				E02BCFE2A(_v52, _v24, 0x208,  &_v624);
				E02BCFE2A(_v16, _v44, 0x208,  &_v1144);
				E02BBE204(_v40, _v32,  &_v624, _a4);
				E02BBE204(_v8, _v72,  &_v1144, _a12);
				_v100 = _v48;
				_v96 =  &_v624;
				_v92 =  &_v1144;
				_v88 = _v56 | _v68 | 0x00000410;
				_t200 = E02BBE4F8( &_v104, _v28, _v64, _v20, _v12);
				asm("sbb eax, eax");
				return  ~_t200 + 1;
			}
































                                                                                                          0x02bc6554
                                                                                                          0x02bc6557
                                                                                                          0x02bc655a
                                                                                                          0x02bc655d
                                                                                                          0x02bc655e
                                                                                                          0x02bc655f
                                                                                                          0x02bc6564
                                                                                                          0x02bc656d
                                                                                                          0x02bc6574
                                                                                                          0x02bc657b
                                                                                                          0x02bc6582
                                                                                                          0x02bc6589
                                                                                                          0x02bc658d
                                                                                                          0x02bc6594
                                                                                                          0x02bc65a1
                                                                                                          0x02bc65a4
                                                                                                          0x02bc65a7
                                                                                                          0x02bc65ab
                                                                                                          0x02bc65b2
                                                                                                          0x02bc65b9
                                                                                                          0x02bc65c0
                                                                                                          0x02bc65c7
                                                                                                          0x02bc65ce
                                                                                                          0x02bc65d5
                                                                                                          0x02bc65dc
                                                                                                          0x02bc65e7
                                                                                                          0x02bc65ea
                                                                                                          0x02bc65f1
                                                                                                          0x02bc65f8
                                                                                                          0x02bc6606
                                                                                                          0x02bc660d
                                                                                                          0x02bc6610
                                                                                                          0x02bc6613
                                                                                                          0x02bc661a
                                                                                                          0x02bc6621
                                                                                                          0x02bc6628
                                                                                                          0x02bc662c
                                                                                                          0x02bc6630
                                                                                                          0x02bc6634
                                                                                                          0x02bc663b
                                                                                                          0x02bc6646
                                                                                                          0x02bc6650
                                                                                                          0x02bc6653
                                                                                                          0x02bc665a
                                                                                                          0x02bc6661
                                                                                                          0x02bc6665
                                                                                                          0x02bc666c
                                                                                                          0x02bc6673
                                                                                                          0x02bc667a
                                                                                                          0x02bc6682
                                                                                                          0x02bc6683
                                                                                                          0x02bc6686
                                                                                                          0x02bc668d
                                                                                                          0x02bc6698
                                                                                                          0x02bc66a0
                                                                                                          0x02bc66a3
                                                                                                          0x02bc66aa
                                                                                                          0x02bc66b1
                                                                                                          0x02bc66b8
                                                                                                          0x02bc66bc
                                                                                                          0x02bc66c3
                                                                                                          0x02bc66ce
                                                                                                          0x02bc66d1
                                                                                                          0x02bc66d5
                                                                                                          0x02bc66dc
                                                                                                          0x02bc66e3
                                                                                                          0x02bc66ee
                                                                                                          0x02bc66f4
                                                                                                          0x02bc66fb
                                                                                                          0x02bc6702
                                                                                                          0x02bc6709
                                                                                                          0x02bc6710
                                                                                                          0x02bc6714
                                                                                                          0x02bc671b
                                                                                                          0x02bc6722
                                                                                                          0x02bc6729
                                                                                                          0x02bc672d
                                                                                                          0x02bc6734
                                                                                                          0x02bc6744
                                                                                                          0x02bc675c
                                                                                                          0x02bc676f
                                                                                                          0x02bc6784
                                                                                                          0x02bc6799
                                                                                                          0x02bc67a4
                                                                                                          0x02bc67ad
                                                                                                          0x02bc67b6
                                                                                                          0x02bc67ca
                                                                                                          0x02bc67d4
                                                                                                          0x02bc67de
                                                                                                          0x02bc67e5

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: =l,$#V
                                                                                                          • API String ID: 0-882995766
                                                                                                          • Opcode ID: 63d82414185dada1c286f70f67569fe37ebaaf7d58e8b6f899c28194972c03bf
                                                                                                          • Instruction ID: eb20afd4f5c01cdbf55ba48c8c673550ab7ec60e0dfc48967894864ebf37d8b6
                                                                                                          • Opcode Fuzzy Hash: 63d82414185dada1c286f70f67569fe37ebaaf7d58e8b6f899c28194972c03bf
                                                                                                          • Instruction Fuzzy Hash: 9981F1B1D0121DEBCF08CFA0D98A8EEBBB5FF48308F208159D515B6250D7B45A45CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC07F4, Relevance: 2.6, Strings: 2, Instructions: 113COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02BC07F4() {
				char _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _t88;
				intOrPtr _t89;
				void* _t96;
				signed int _t101;
				signed int _t112;
				short* _t113;
				signed int* _t116;

				_t116 =  &_v552;
				_v548 = 0x5918d1;
				_v548 = _v548 + 0xe8d9;
				_t96 = 0x413edd5;
				_v548 = _v548 * 7;
				_v548 = _v548 | 0xf342c850;
				_v548 = _v548 ^ 0xf3753354;
				_v544 = 0x3961e1;
				_t112 = 0x6c;
				_v544 = _v544 * 0x6e;
				_v544 = _v544 * 0x7b;
				_v544 = _v544 ^ 0xd8b8e625;
				_v528 = 0xb40301;
				_v528 = _v528 ^ 0x18f013f2;
				_v528 = _v528 + 0xffff1b00;
				_v528 = _v528 ^ 0x184a596c;
				_v532 = 0x9ab5ff;
				_v532 = _v532 + 0x870f;
				_v532 = _v532 + 0xffff8f3e;
				_v532 = _v532 ^ 0x0099ca27;
				_v524 = 0x5ab638;
				_v524 = _v524 + 0xffff3304;
				_v524 = _v524 ^ 0x005bd322;
				_v536 = 0x9f91e6;
				_t113 = _v524;
				_v536 = _v536 / _t112;
				_v536 = _v536 >> 2;
				_v536 = _v536 ^ 0x000cbfb4;
				_v540 = 0xcf5411;
				_t88 = _v540 * 0x37;
				_v540 = _t88;
				_v540 = _v540 ^ 0x69295e57;
				_v540 = _v540 ^ 0x45a0f7a2;
				L1:
				while(_t96 != 0x413edd5) {
					if(_t96 == 0x66ebf40) {
						_t88 = E02BD0DB1(_v548,  &_v520, __eflags, _v544, _t96, _v528);
						_t116 =  &(_t116[3]);
						_t96 = 0xe87ba20;
						continue;
					}
					if(_t96 == 0x9062539) {
						_t89 =  *0x2bd6214; // 0x0
						__eflags = _t89 + 0x23c;
						return E02BBE204(_v536, _v540, _t89 + 0x23c, _t113);
					}
					if(_t96 != 0xe87ba20) {
						L15:
						__eflags = _t96 - 0xf0f6a33;
						if(__eflags != 0) {
							continue;
						}
						return _t88;
					}
					_v552 = 0x64b67d;
					_t101 = 0x4d;
					_v552 = _v552 / _t101;
					_v552 = _v552 << 1;
					_v552 = _v552 + 0xa638;
					_v552 = _v552 ^ 0x000343e6;
					_t113 =  &_v520 + E02BC00C5( &_v520, _v532, _v524) * 2;
					while(1) {
						_t88 =  &_v520;
						if(_t113 <= _t88) {
							break;
						}
						__eflags =  *_t113 - 0x5c;
						if( *_t113 != 0x5c) {
							L8:
							_t113 = _t113 - 2;
							__eflags = _t113;
							continue;
						}
						_t74 =  &_v552;
						 *_t74 = _v552 - 1;
						__eflags =  *_t74;
						if( *_t74 == 0) {
							__eflags = _t113;
							L12:
							_t96 = 0x9062539;
							goto L1;
						}
						goto L8;
					}
					goto L12;
				}
				_t96 = 0x66ebf40;
				goto L15;
			}



















                                                                                                          0x02bc07f4
                                                                                                          0x02bc07fa
                                                                                                          0x02bc0804
                                                                                                          0x02bc080c
                                                                                                          0x02bc081a
                                                                                                          0x02bc0823
                                                                                                          0x02bc0830
                                                                                                          0x02bc083d
                                                                                                          0x02bc084c
                                                                                                          0x02bc084d
                                                                                                          0x02bc0856
                                                                                                          0x02bc085a
                                                                                                          0x02bc0862
                                                                                                          0x02bc086a
                                                                                                          0x02bc0872
                                                                                                          0x02bc087a
                                                                                                          0x02bc0882
                                                                                                          0x02bc088a
                                                                                                          0x02bc0892
                                                                                                          0x02bc089a
                                                                                                          0x02bc08a2
                                                                                                          0x02bc08aa
                                                                                                          0x02bc08b2
                                                                                                          0x02bc08ba
                                                                                                          0x02bc08c8
                                                                                                          0x02bc08cc
                                                                                                          0x02bc08d0
                                                                                                          0x02bc08d5
                                                                                                          0x02bc08dd
                                                                                                          0x02bc08e5
                                                                                                          0x02bc08ea
                                                                                                          0x02bc08ee
                                                                                                          0x02bc08f6
                                                                                                          0x00000000
                                                                                                          0x02bc08fe
                                                                                                          0x02bc090c
                                                                                                          0x02bc0998
                                                                                                          0x02bc099d
                                                                                                          0x02bc09a0
                                                                                                          0x00000000
                                                                                                          0x02bc09a0
                                                                                                          0x02bc0910
                                                                                                          0x02bc09b7
                                                                                                          0x02bc09c0
                                                                                                          0x00000000
                                                                                                          0x02bc09d1
                                                                                                          0x02bc0918
                                                                                                          0x02bc09a9
                                                                                                          0x02bc09a9
                                                                                                          0x02bc09af
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc09af
                                                                                                          0x02bc091e
                                                                                                          0x02bc092e
                                                                                                          0x02bc0935
                                                                                                          0x02bc0939
                                                                                                          0x02bc093d
                                                                                                          0x02bc0945
                                                                                                          0x02bc095f
                                                                                                          0x02bc0973
                                                                                                          0x02bc0973
                                                                                                          0x02bc0979
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bc0964
                                                                                                          0x02bc0968
                                                                                                          0x02bc0970
                                                                                                          0x02bc0970
                                                                                                          0x02bc0970
                                                                                                          0x00000000
                                                                                                          0x02bc0970
                                                                                                          0x02bc096a
                                                                                                          0x02bc096a
                                                                                                          0x02bc096a
                                                                                                          0x02bc096e
                                                                                                          0x02bc097d
                                                                                                          0x02bc0980
                                                                                                          0x02bc0980
                                                                                                          0x00000000
                                                                                                          0x02bc0980
                                                                                                          0x00000000
                                                                                                          0x02bc096e
                                                                                                          0x00000000
                                                                                                          0x02bc097b
                                                                                                          0x02bc09a7
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: W^)i$a9
                                                                                                          • API String ID: 0-1728637351
                                                                                                          • Opcode ID: 61f6c40b597fd4ebe6bdfabfe587fd3020237403d1caa595dd64f477da99b9cb
                                                                                                          • Instruction ID: 4a991bb0b29d937f20a59217e3644af711d99477ef4e5c88d86cad917dd0aae9
                                                                                                          • Opcode Fuzzy Hash: 61f6c40b597fd4ebe6bdfabfe587fd3020237403d1caa595dd64f477da99b9cb
                                                                                                          • Instruction Fuzzy Hash: D7416571508301CBD718DF28D58991FBBE1FBD4358F244E1EE1DAA6260D3B0AA49CF86
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC5333, Relevance: 2.6, Strings: 2, Instructions: 107COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02BC5333(void* __ecx) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* _t101;
				void* _t104;
				signed int _t105;
				signed int _t106;
				void* _t108;
				void* _t116;
				void* _t117;
				signed int* _t119;

				_t108 = __ecx;
				_t119 =  &_v40;
				_v16 = 0x92c19;
				_v16 = _v16 ^ 0x628de80f;
				_v16 = _v16 << 8;
				_v16 = _v16 ^ 0x84c9db68;
				_v4 = 0x30e06a;
				_v4 = _v4 ^ 0x4daac4de;
				_v4 = _v4 ^ 0x4d95dd20;
				_v20 = 0x313cca;
				_t105 = 0xc;
				_v20 = _v20 / _t105;
				_v20 = _v20 >> 9;
				_t116 = 0;
				_v20 = _v20 ^ 0x00013d87;
				_t117 = 0xe755a9f;
				_v40 = 0xb13641;
				_t106 = 0x59;
				_v40 = _v40 / _t106;
				_v40 = _v40 << 1;
				_v40 = _v40 | 0xaf38654a;
				_v40 = _v40 ^ 0xaf356b5c;
				_v24 = 0xb3ef74;
				_v24 = _v24 ^ 0x556457b4;
				_v24 = _v24 * 0x55;
				_v24 = _v24 ^ 0x80aa83de;
				_v28 = 0x9b3a5a;
				_v28 = _v28 + 0x3060;
				_v28 = _v28 + 0xffffd119;
				_v28 = _v28 ^ 0x00918c22;
				_v32 = 0x1265dc;
				_v32 = _v32 >> 0xd;
				_v32 = _v32 | 0x6a7496c5;
				_v32 = _v32 << 0xe;
				_v32 = _v32 ^ 0x25b994ca;
				_v36 = 0xc9b3ee;
				_v36 = _v36 >> 5;
				_v36 = _v36 + 0x1e11;
				_v36 = _v36 << 3;
				_v36 = _v36 ^ 0x0035933c;
				_v8 = 0x402308;
				_v8 = _v8 ^ 0x846a3c70;
				_v8 = _v8 << 3;
				_v8 = _v8 ^ 0x2152b8ae;
				_v12 = 0xd9cdb9;
				_v12 = _v12 * 0x16;
				_v12 = _v12 | 0x05b8ac83;
				_v12 = _v12 ^ 0x17b93340;
				do {
					while(_t117 != 0xb1e0fe5) {
						if(_t117 == 0xb7b3e2e) {
							_t116 = _t116 + E02BCBE8C(_t108 + 0x18, _v32, _v36, _v8, _v12);
						} else {
							if(_t117 == 0xcf04418) {
								_t104 = E02BCBE8C(_t108, _v20, _v40, _v24, _v28);
								_t119 =  &(_t119[3]);
								_t117 = 0xb7b3e2e;
								_t116 = _t116 + _t104;
								continue;
							} else {
								if(_t117 != 0xe755a9f) {
									goto L8;
								} else {
									_t117 = 0xb1e0fe5;
									continue;
								}
							}
						}
						L11:
						return _t116;
					}
					_push(_t108);
					_t101 = E02BC07F0();
					_t119 =  &(_t119[1]);
					_t117 = 0xcf04418;
					_t116 = _t116 + _t101;
					L8:
				} while (_t117 != 0x795fd89);
				goto L11;
			}





















                                                                                                          0x02bc5333
                                                                                                          0x02bc5333
                                                                                                          0x02bc5336
                                                                                                          0x02bc5340
                                                                                                          0x02bc5348
                                                                                                          0x02bc534d
                                                                                                          0x02bc5355
                                                                                                          0x02bc535d
                                                                                                          0x02bc5365
                                                                                                          0x02bc536d
                                                                                                          0x02bc537f
                                                                                                          0x02bc5384
                                                                                                          0x02bc538a
                                                                                                          0x02bc538f
                                                                                                          0x02bc5391
                                                                                                          0x02bc5399
                                                                                                          0x02bc539e
                                                                                                          0x02bc53af
                                                                                                          0x02bc53b7
                                                                                                          0x02bc53bb
                                                                                                          0x02bc53bf
                                                                                                          0x02bc53c7
                                                                                                          0x02bc53cf
                                                                                                          0x02bc53d7
                                                                                                          0x02bc53e4
                                                                                                          0x02bc53e8
                                                                                                          0x02bc53f0
                                                                                                          0x02bc53f8
                                                                                                          0x02bc5400
                                                                                                          0x02bc5408
                                                                                                          0x02bc5410
                                                                                                          0x02bc5418
                                                                                                          0x02bc541d
                                                                                                          0x02bc5425
                                                                                                          0x02bc542a
                                                                                                          0x02bc5432
                                                                                                          0x02bc543a
                                                                                                          0x02bc543f
                                                                                                          0x02bc5447
                                                                                                          0x02bc544c
                                                                                                          0x02bc5454
                                                                                                          0x02bc545c
                                                                                                          0x02bc5464
                                                                                                          0x02bc5469
                                                                                                          0x02bc5471
                                                                                                          0x02bc547e
                                                                                                          0x02bc5482
                                                                                                          0x02bc548a
                                                                                                          0x02bc5492
                                                                                                          0x02bc5492
                                                                                                          0x02bc5498
                                                                                                          0x02bc5509
                                                                                                          0x02bc549a
                                                                                                          0x02bc54a0
                                                                                                          0x02bc54be
                                                                                                          0x02bc54c3
                                                                                                          0x02bc54c6
                                                                                                          0x02bc54c8
                                                                                                          0x00000000
                                                                                                          0x02bc54a2
                                                                                                          0x02bc54a8
                                                                                                          0x00000000
                                                                                                          0x02bc54aa
                                                                                                          0x02bc54aa
                                                                                                          0x00000000
                                                                                                          0x02bc54aa
                                                                                                          0x02bc54a8
                                                                                                          0x02bc54a0
                                                                                                          0x02bc550b
                                                                                                          0x02bc5514
                                                                                                          0x02bc5514
                                                                                                          0x02bc54d4
                                                                                                          0x02bc54d5
                                                                                                          0x02bc54da
                                                                                                          0x02bc54dd
                                                                                                          0x02bc54e2
                                                                                                          0x02bc54e4
                                                                                                          0x02bc54e4
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: `0$j0
                                                                                                          • API String ID: 0-1706687062
                                                                                                          • Opcode ID: a698ae834057bf3177c30c95693b9f296898de2c2be967a0d04c9a146b8b5e9c
                                                                                                          • Instruction ID: 5c65cec659de513914d795f383d7e12fd0e1fd835184aa80ec3c251826a02563
                                                                                                          • Opcode Fuzzy Hash: a698ae834057bf3177c30c95693b9f296898de2c2be967a0d04c9a146b8b5e9c
                                                                                                          • Instruction Fuzzy Hash: E94156724083019FC354DF21998940BFBE1FBD8B58F544E6DF8A9A6260C3718A59CF97
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB7E79, Relevance: 2.6, Strings: 2, Instructions: 104COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02BB7E79(intOrPtr* __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char _v304;
				char _t99;
				signed int _t101;
				void* _t105;
				signed int _t107;
				signed int _t108;
				char* _t109;
				intOrPtr* _t124;
				void* _t125;

				_t124 = __ecx;
				_v16 = 0xb54463;
				_v16 = _v16 + 0xffff3415;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 + 0xffffe11b;
				_v16 = _v16 ^ 0xfff7a701;
				_v28 = 0xd77279;
				_v28 = _v28 | 0x400730c3;
				_v28 = _v28 << 0xb;
				_v28 = _v28 ^ 0xbb990da4;
				_v36 = 0xbcfff8;
				_v36 = _v36 >> 6;
				_v36 = _v36 ^ 0x000a6762;
				_v8 = 0xf31a9;
				_v8 = _v8 + 0xffff1e98;
				_v8 = _v8 ^ 0xb4a41066;
				_v8 = _v8 | 0xf0d45968;
				_v8 = _v8 ^ 0xf4f540ba;
				_v12 = 0xc524e1;
				_v12 = _v12 >> 0xe;
				_v12 = _v12 >> 5;
				_t107 = 0x45;
				_v12 = _v12 / _t107;
				_v12 = _v12 ^ 0x00048931;
				_v44 = 0x28a4d;
				_v44 = _v44 + 0x8441;
				_v44 = _v44 ^ 0x00037729;
				_v20 = 0x237a7e;
				_v20 = _v20 ^ 0x3c41f8ff;
				_v20 = _v20 | 0x4ede09cf;
				_v20 = _v20 >> 6;
				_v20 = _v20 ^ 0x01f9a400;
				_v32 = 0xc1354c;
				_v32 = _v32 ^ 0xd017d736;
				_v32 = _v32 + 0xb685;
				_v32 = _v32 ^ 0xd0d9caff;
				_v24 = 0x1c6e66;
				_v24 = _v24 + 0xffff7553;
				_t108 = 0x67;
				_t109 =  &_v304;
				_v24 = _v24 / _t108;
				_v24 = _v24 ^ 0x000aa416;
				_v40 = 0xe04b7f;
				_v40 = _v40 ^ 0x3f01302b;
				_v40 = _v40 ^ 0x3feda652;
				while(1) {
					_t99 =  *_t124;
					if(_t99 == 0) {
						break;
					}
					if(_t99 == 0x2e) {
						 *_t109 = 0;
					} else {
						 *_t109 = _t99;
						_t109 = _t109 + 1;
						_t124 = _t124 + 1;
						continue;
					}
					L6:
					_t125 = E02BB801A(_v16,  &_v304, _v28);
					if(_t125 != 0) {
						L8:
						_t101 = E02BB3362(_t124 + 1, _v12, _v44);
						_push(_v40);
						_push(_v24);
						_push(_t101 ^ 0x31e3fec1);
						_push(_t125);
						return E02BBEC31(_v20, _v32);
					}
					_t105 = E02BB483C(_v36, _v8,  &_v304);
					_t125 = _t105;
					if(_t125 != 0) {
						goto L8;
					}
					return _t105;
				}
				goto L6;
			}






















                                                                                                          0x02bb7e84
                                                                                                          0x02bb7e86
                                                                                                          0x02bb7e8f
                                                                                                          0x02bb7e96
                                                                                                          0x02bb7e9a
                                                                                                          0x02bb7ea1
                                                                                                          0x02bb7ea8
                                                                                                          0x02bb7eaf
                                                                                                          0x02bb7eb6
                                                                                                          0x02bb7eba
                                                                                                          0x02bb7ec1
                                                                                                          0x02bb7ec8
                                                                                                          0x02bb7ecc
                                                                                                          0x02bb7ed3
                                                                                                          0x02bb7eda
                                                                                                          0x02bb7ee1
                                                                                                          0x02bb7ee8
                                                                                                          0x02bb7eef
                                                                                                          0x02bb7ef6
                                                                                                          0x02bb7efd
                                                                                                          0x02bb7f01
                                                                                                          0x02bb7f0a
                                                                                                          0x02bb7f0f
                                                                                                          0x02bb7f14
                                                                                                          0x02bb7f1b
                                                                                                          0x02bb7f22
                                                                                                          0x02bb7f29
                                                                                                          0x02bb7f30
                                                                                                          0x02bb7f37
                                                                                                          0x02bb7f3e
                                                                                                          0x02bb7f45
                                                                                                          0x02bb7f49
                                                                                                          0x02bb7f50
                                                                                                          0x02bb7f57
                                                                                                          0x02bb7f5e
                                                                                                          0x02bb7f65
                                                                                                          0x02bb7f6c
                                                                                                          0x02bb7f73
                                                                                                          0x02bb7f7d
                                                                                                          0x02bb7f80
                                                                                                          0x02bb7f86
                                                                                                          0x02bb7f89
                                                                                                          0x02bb7f90
                                                                                                          0x02bb7f97
                                                                                                          0x02bb7f9e
                                                                                                          0x02bb7faf
                                                                                                          0x02bb7faf
                                                                                                          0x02bb7fb3
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb7fa9
                                                                                                          0x02bb7fb7
                                                                                                          0x02bb7fab
                                                                                                          0x02bb7fab
                                                                                                          0x02bb7fad
                                                                                                          0x02bb7fae
                                                                                                          0x00000000
                                                                                                          0x02bb7fae
                                                                                                          0x02bb7fba
                                                                                                          0x02bb7fcb
                                                                                                          0x02bb7fd0
                                                                                                          0x02bb7feb
                                                                                                          0x02bb7ff4
                                                                                                          0x02bb7ff9
                                                                                                          0x02bb8001
                                                                                                          0x02bb800a
                                                                                                          0x02bb800b
                                                                                                          0x00000000
                                                                                                          0x02bb8011
                                                                                                          0x02bb7fdf
                                                                                                          0x02bb7fe4
                                                                                                          0x02bb7fe9
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bb8019
                                                                                                          0x02bb8019
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: bg$~z#
                                                                                                          • API String ID: 0-3633068236
                                                                                                          • Opcode ID: d27443a6954f6df962cc2ff153474a91a954d70af200d7c111dd209c5580846d
                                                                                                          • Instruction ID: 8f4fddd0dfd63fba4edc9e9da8dcb844fbd2d7445e91d5b8c79c6e3853d5b78e
                                                                                                          • Opcode Fuzzy Hash: d27443a6954f6df962cc2ff153474a91a954d70af200d7c111dd209c5580846d
                                                                                                          • Instruction Fuzzy Hash: 23413372C0021EDBDF1ACEA4C8495EEFBB1EF55318F208199D451B6220C7B80A4ACFA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC5515, Relevance: 2.6, Strings: 2, Instructions: 92COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: bWr$(8r
                                                                                                          • API String ID: 0-4034592896
                                                                                                          • Opcode ID: 6bd561600b29e8d40b53efd76a24b6e4d1b51c40b914b8d5291e690eb23a4ca9
                                                                                                          • Instruction ID: 1660d6fc4f01496950b14fcc27d33b77e1baa1620b99e11bdf2344b670093363
                                                                                                          • Opcode Fuzzy Hash: 6bd561600b29e8d40b53efd76a24b6e4d1b51c40b914b8d5291e690eb23a4ca9
                                                                                                          • Instruction Fuzzy Hash: CF411471C00219EFCF18DFA4D94A9EEBBB5FB04304F20819AD511B6264D3B55B85CF95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCF840, Relevance: 1.5, Strings: 1, Instructions: 210COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02BCF840(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
				char _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				void* _t197;
				void* _t220;
				intOrPtr* _t230;
				void* _t232;
				void* _t252;
				void* _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int* _t264;

				_t230 = _a4;
				_push(_a8);
				_t252 = __ecx;
				_push(_t230);
				_push(__ecx);
				E02BCFE29(_t197);
				_v16 = 0x43fd88;
				_t264 =  &(( &_v84)[4]);
				_v16 = _v16 << 4;
				_v16 = _v16 ^ 0x043fd881;
				_t253 = 0;
				_v36 = 0xa6c090;
				_t232 = 0x483ab52;
				_v36 = _v36 >> 0xd;
				_v36 = _v36 + 0x55d4;
				_v36 = _v36 ^ 0x00005b0b;
				_v48 = 0x2dc4d8;
				_t254 = 0xf;
				_v48 = _v48 / _t254;
				_v48 = _v48 + 0x1bd9;
				_v48 = _v48 ^ 0x0001e475;
				_v80 = 0x1961e0;
				_v80 = _v80 | 0x2e5a3b97;
				_v80 = _v80 >> 0x10;
				_v80 = _v80 >> 4;
				_v80 = _v80 ^ 0x00050c56;
				_v52 = 0x801119;
				_t255 = 0x4c;
				_v52 = _v52 * 0x3b;
				_v52 = _v52 / _t255;
				_v52 = _v52 ^ 0x006b0701;
				_v12 = 0x5b3baf;
				_v12 = _v12 + 0xffffe0d8;
				_v12 = _v12 ^ 0x0050d6d6;
				_v20 = 0xddf3bb;
				_v20 = _v20 + 0x1688;
				_v20 = _v20 ^ 0x00da105f;
				_v84 = 0xb842b2;
				_v84 = _v84 >> 3;
				_t256 = 0x6e;
				_v84 = _v84 * 0x79;
				_v84 = _v84 << 3;
				_v84 = _v84 ^ 0x571ab13d;
				_v56 = 0xc043e1;
				_v56 = _v56 >> 6;
				_v56 = _v56 ^ 0x181f9cd5;
				_v56 = _v56 ^ 0x181bbe52;
				_v24 = 0xd2b7cf;
				_v24 = _v24 / _t256;
				_v24 = _v24 ^ 0x00057f60;
				_v60 = 0x8a3800;
				_v60 = _v60 >> 6;
				_v60 = _v60 | 0x8f8b2365;
				_v60 = _v60 ^ 0x8f8e0970;
				_v64 = 0xc9e96d;
				_v64 = _v64 << 0x10;
				_v64 = _v64 << 5;
				_v64 = _v64 ^ 0x2da69c1f;
				_v68 = 0x328e52;
				_v68 = _v68 * 0x66;
				_v68 = _v68 << 3;
				_v68 = _v68 ^ 0xa1266097;
				_v28 = 0xf9277c;
				_v28 = _v28 << 0xa;
				_v28 = _v28 << 3;
				_v28 = _v28 ^ 0x24e98be4;
				_v72 = 0xc9ae08;
				_v72 = _v72 | 0xbe9fb7a8;
				_v72 = _v72 << 1;
				_v72 = _v72 + 0xffff17b5;
				_v72 = _v72 ^ 0x7db3cb0d;
				_v32 = 0x7a6981;
				_v32 = _v32 ^ 0xd4fdb142;
				_t257 = 0x69;
				_v32 = _v32 / _t257;
				_v32 = _v32 ^ 0x020955a0;
				_v76 = 0x732b21;
				_t258 = 0x5e;
				_v76 = _v76 / _t258;
				_t259 = 0xb;
				_v76 = _v76 / _t259;
				_v76 = _v76 + 0xb8c3;
				_v76 = _v76 ^ 0x0005bc70;
				_v8 = 0x8f6a69;
				_t260 = 0x5d;
				_v8 = _v8 / _t260;
				_v8 = _v8 ^ 0x000b5b39;
				_v40 = 0x75e3f0;
				_t261 = 0x55;
				_v40 = _v40 / _t261;
				_v40 = _v40 + 0xffff98ec;
				_v40 = _v40 ^ 0x0009f0a2;
				_v44 = 0x50946;
				_v44 = _v44 * 0x76;
				_v44 = _v44 + 0xffff2591;
				_v44 = _v44 ^ 0x0253dc14;
				do {
					while(_t232 != 0x483ab52) {
						if(_t232 == 0x71a4461) {
							_t220 = E02BCA1C0(_v48, _t232, _v80, _v52, _v12,  &_v4, _v16, _v20, _v84, 0, _t232, _v56, _t252);
							_t264 =  &(_t264[0xc]);
							if(_t220 != 0) {
								_t232 = 0xc565723;
								continue;
							}
						} else {
							if(_t232 == 0xc565723) {
								_push(_t232);
								_push(_t232);
								_t253 = E02BBC5D8(_v4);
								_t264 =  &(_t264[3]);
								if(_t253 != 0) {
									_t232 = 0xf0f9d9d;
									continue;
								}
							} else {
								if(_t232 != 0xf0f9d9d) {
									goto L12;
								} else {
									E02BCA1C0(_v28, _t232, _v72, _v32, _v76,  &_v4, _v36, _v8, _v40, _t253, _t232, _v44, _t252);
									 *_t230 = _v4;
								}
							}
						}
						L6:
						return _t253;
					}
					_t232 = 0x71a4461;
					L12:
				} while (_t232 != 0xd0fff7e);
				goto L6;
			}







































                                                                                                          0x02bcf844
                                                                                                          0x02bcf84b
                                                                                                          0x02bcf84f
                                                                                                          0x02bcf851
                                                                                                          0x02bcf853
                                                                                                          0x02bcf854
                                                                                                          0x02bcf859
                                                                                                          0x02bcf861
                                                                                                          0x02bcf864
                                                                                                          0x02bcf86b
                                                                                                          0x02bcf873
                                                                                                          0x02bcf875
                                                                                                          0x02bcf87d
                                                                                                          0x02bcf882
                                                                                                          0x02bcf887
                                                                                                          0x02bcf88f
                                                                                                          0x02bcf897
                                                                                                          0x02bcf8a5
                                                                                                          0x02bcf8aa
                                                                                                          0x02bcf8b0
                                                                                                          0x02bcf8b8
                                                                                                          0x02bcf8c0
                                                                                                          0x02bcf8c8
                                                                                                          0x02bcf8d0
                                                                                                          0x02bcf8d5
                                                                                                          0x02bcf8da
                                                                                                          0x02bcf8e2
                                                                                                          0x02bcf8ef
                                                                                                          0x02bcf8f2
                                                                                                          0x02bcf8fe
                                                                                                          0x02bcf902
                                                                                                          0x02bcf90a
                                                                                                          0x02bcf912
                                                                                                          0x02bcf91a
                                                                                                          0x02bcf922
                                                                                                          0x02bcf92a
                                                                                                          0x02bcf932
                                                                                                          0x02bcf93a
                                                                                                          0x02bcf942
                                                                                                          0x02bcf94c
                                                                                                          0x02bcf94d
                                                                                                          0x02bcf951
                                                                                                          0x02bcf956
                                                                                                          0x02bcf95e
                                                                                                          0x02bcf966
                                                                                                          0x02bcf96b
                                                                                                          0x02bcf973
                                                                                                          0x02bcf97b
                                                                                                          0x02bcf989
                                                                                                          0x02bcf98d
                                                                                                          0x02bcf995
                                                                                                          0x02bcf99d
                                                                                                          0x02bcf9a2
                                                                                                          0x02bcf9aa
                                                                                                          0x02bcf9b2
                                                                                                          0x02bcf9ba
                                                                                                          0x02bcf9bf
                                                                                                          0x02bcf9c4
                                                                                                          0x02bcf9cc
                                                                                                          0x02bcf9d9
                                                                                                          0x02bcf9dd
                                                                                                          0x02bcf9e2
                                                                                                          0x02bcf9ec
                                                                                                          0x02bcf9f4
                                                                                                          0x02bcf9f9
                                                                                                          0x02bcf9fe
                                                                                                          0x02bcfa06
                                                                                                          0x02bcfa0e
                                                                                                          0x02bcfa16
                                                                                                          0x02bcfa1a
                                                                                                          0x02bcfa22
                                                                                                          0x02bcfa2a
                                                                                                          0x02bcfa32
                                                                                                          0x02bcfa40
                                                                                                          0x02bcfa45
                                                                                                          0x02bcfa4b
                                                                                                          0x02bcfa53
                                                                                                          0x02bcfa5f
                                                                                                          0x02bcfa64
                                                                                                          0x02bcfa6e
                                                                                                          0x02bcfa73
                                                                                                          0x02bcfa79
                                                                                                          0x02bcfa81
                                                                                                          0x02bcfa89
                                                                                                          0x02bcfa95
                                                                                                          0x02bcfa9a
                                                                                                          0x02bcfaa0
                                                                                                          0x02bcfaa8
                                                                                                          0x02bcfab4
                                                                                                          0x02bcfabc
                                                                                                          0x02bcfac0
                                                                                                          0x02bcfac8
                                                                                                          0x02bcfad0
                                                                                                          0x02bcfadd
                                                                                                          0x02bcfae1
                                                                                                          0x02bcfae9
                                                                                                          0x02bcfaf1
                                                                                                          0x02bcfaf1
                                                                                                          0x02bcfaff
                                                                                                          0x02bcfbb5
                                                                                                          0x02bcfbba
                                                                                                          0x02bcfbbf
                                                                                                          0x02bcfbc1
                                                                                                          0x00000000
                                                                                                          0x02bcfbc1
                                                                                                          0x02bcfb05
                                                                                                          0x02bcfb0b
                                                                                                          0x02bcfb6d
                                                                                                          0x02bcfb6e
                                                                                                          0x02bcfb78
                                                                                                          0x02bcfb7a
                                                                                                          0x02bcfb7f
                                                                                                          0x02bcfb81
                                                                                                          0x00000000
                                                                                                          0x02bcfb81
                                                                                                          0x02bcfb0d
                                                                                                          0x02bcfb13
                                                                                                          0x00000000
                                                                                                          0x02bcfb19
                                                                                                          0x02bcfb42
                                                                                                          0x02bcfb51
                                                                                                          0x02bcfb51
                                                                                                          0x02bcfb13
                                                                                                          0x02bcfb0b
                                                                                                          0x02bcfb54
                                                                                                          0x02bcfb5c
                                                                                                          0x02bcfb5c
                                                                                                          0x02bcfbcb
                                                                                                          0x02bcfbcd
                                                                                                          0x02bcfbcd
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !+s
                                                                                                          • API String ID: 0-2041718826
                                                                                                          • Opcode ID: ecbfb722ef4a51468ccc6504c580edf44e6ea5507055d07fe96aabdae32b1462
                                                                                                          • Instruction ID: 55be1602b1663a2c4c2b7a151597c9d4e7e0b5b6674742b7a372220a81b5c531
                                                                                                          • Opcode Fuzzy Hash: ecbfb722ef4a51468ccc6504c580edf44e6ea5507055d07fe96aabdae32b1462
                                                                                                          • Instruction Fuzzy Hash: 7D9101721083449FD758CF65C88991BFBE2FBC4B58F50892DF69686260D3B6C949CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD0A64, Relevance: 1.4, Strings: 1, Instructions: 197COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02BD0A64(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				void* _t180;
				void* _t211;
				void* _t212;
				void* _t214;
				void* _t238;
				void* _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int* _t250;

				_push(_a8);
				_t238 = __edx;
				_t212 = __ecx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t180);
				_v56 = 0xc0d7de;
				_t250 =  &(( &_v76)[4]);
				_v56 = _v56 << 2;
				_v56 = _v56 << 7;
				_t239 = 0;
				_v56 = _v56 ^ 0x81afbc01;
				_t214 = 0xaac46ca;
				_v64 = 0x3a8e28;
				_v64 = _v64 >> 1;
				_v64 = _v64 + 0xe78e;
				_v64 = _v64 >> 0xd;
				_v64 = _v64 ^ 0x000000f0;
				_v16 = 0x168660;
				_v16 = _v16 >> 5;
				_v16 = _v16 ^ 0x4000b433;
				_v8 = 0x28d09b;
				_t240 = 0x6c;
				_v8 = _v8 / _t240;
				_v8 = _v8 ^ 0x400060bf;
				_v72 = 0xacfd47;
				_v72 = _v72 ^ 0xaf3d897a;
				_v72 = _v72 << 2;
				_v72 = _v72 >> 1;
				_v72 = _v72 ^ 0x5f2a69ef;
				_v60 = 0xaad3e;
				_v60 = _v60 >> 7;
				_v60 = _v60 + 0x530f;
				_v60 = _v60 ^ 0x00047061;
				_v20 = 0xd1ee8e;
				_v20 = _v20 >> 0xd;
				_v20 = _v20 ^ 0x00058db8;
				_v76 = 0xa228f;
				_t241 = 0x1c;
				_v76 = _v76 / _t241;
				_t242 = 0x30;
				_v76 = _v76 * 0x79;
				_v76 = _v76 | 0xd88c69ec;
				_v76 = _v76 ^ 0xd8a0fe12;
				_v24 = 0xd67a62;
				_v24 = _v24 + 0xffff00ae;
				_v24 = _v24 ^ 0x00d8581e;
				_v40 = 0xcb2b10;
				_v40 = _v40 / _t242;
				_t243 = 0x14;
				_v40 = _v40 / _t243;
				_v40 = _v40 ^ 0x0006cc26;
				_v44 = 0xf09ad;
				_v44 = _v44 << 0xd;
				_v44 = _v44 | 0x1b12e533;
				_v44 = _v44 ^ 0xfb3e9f34;
				_v48 = 0xeb0c29;
				_v48 = _v48 * 0x7b;
				_t244 = 0x65;
				_v48 = _v48 / _t244;
				_v48 = _v48 ^ 0x0113d763;
				_v52 = 0x64962b;
				_v52 = _v52 + 0xfffff671;
				_v52 = _v52 + 0x8f00;
				_v52 = _v52 ^ 0x00671ded;
				_v28 = 0xef32a4;
				_v28 = _v28 + 0xf3f6;
				_t245 = 0x57;
				_v28 = _v28 / _t245;
				_v28 = _v28 ^ 0x000c1b67;
				_v32 = 0x4955c4;
				_v32 = _v32 << 7;
				_t246 = 0x75;
				_v32 = _v32 / _t246;
				_v32 = _v32 ^ 0x005efa9b;
				_v68 = 0x926f14;
				_v68 = _v68 ^ 0x2f6794d2;
				_t247 = 0x7f;
				_v68 = _v68 / _t247;
				_v68 = _v68 + 0xe0be;
				_v68 = _v68 ^ 0x00650f61;
				_v12 = 0xa3b92d;
				_v12 = _v12 + 0xffff94bd;
				_v12 = _v12 ^ 0x00ae9057;
				_v36 = 0x571707;
				_v36 = _v36 << 3;
				_v36 = _v36 + 0xffff7ee3;
				_v36 = _v36 ^ 0x02b89578;
				do {
					while(_t214 != 0x665f559) {
						if(_t214 == 0x8e4e5a6) {
							_push(_t214);
							_push(_t214);
							_t239 = E02BBC5D8(_v4 + _v4);
							_t250 =  &(_t250[3]);
							if(_t239 != 0) {
								_t214 = 0x665f559;
								continue;
							}
						} else {
							if(_t214 == 0xa67d5aa) {
								_t211 = E02BCC4F8(_v72, _v16 | _v56, _t212, 0, _v60, _v20, _v76, _v24,  &_v4, _t238);
								_t250 =  &(_t250[8]);
								if(_t211 != 0) {
									_t214 = 0x8e4e5a6;
									continue;
								}
							} else {
								if(_t214 != 0xaac46ca) {
									goto L11;
								} else {
									_t214 = 0xa67d5aa;
									continue;
								}
							}
						}
						goto L12;
					}
					E02BCC4F8(_v28, _v8 | _v64, _t212, _t239, _v32, _v68, _v12, _v36,  &_v4, _t238);
					_t250 =  &(_t250[8]);
					_t214 = 0xee0867e;
					L11:
				} while (_t214 != 0xee0867e);
				L12:
				return _t239;
			}





































                                                                                                          0x02bd0a6b
                                                                                                          0x02bd0a6f
                                                                                                          0x02bd0a71
                                                                                                          0x02bd0a73
                                                                                                          0x02bd0a77
                                                                                                          0x02bd0a78
                                                                                                          0x02bd0a79
                                                                                                          0x02bd0a7e
                                                                                                          0x02bd0a86
                                                                                                          0x02bd0a89
                                                                                                          0x02bd0a90
                                                                                                          0x02bd0a95
                                                                                                          0x02bd0a97
                                                                                                          0x02bd0a9f
                                                                                                          0x02bd0aa4
                                                                                                          0x02bd0aac
                                                                                                          0x02bd0ab0
                                                                                                          0x02bd0ab8
                                                                                                          0x02bd0abd
                                                                                                          0x02bd0ac5
                                                                                                          0x02bd0acd
                                                                                                          0x02bd0ad2
                                                                                                          0x02bd0ada
                                                                                                          0x02bd0ae8
                                                                                                          0x02bd0aed
                                                                                                          0x02bd0af3
                                                                                                          0x02bd0afb
                                                                                                          0x02bd0b03
                                                                                                          0x02bd0b0b
                                                                                                          0x02bd0b10
                                                                                                          0x02bd0b14
                                                                                                          0x02bd0b1c
                                                                                                          0x02bd0b24
                                                                                                          0x02bd0b29
                                                                                                          0x02bd0b31
                                                                                                          0x02bd0b39
                                                                                                          0x02bd0b41
                                                                                                          0x02bd0b46
                                                                                                          0x02bd0b4e
                                                                                                          0x02bd0b5a
                                                                                                          0x02bd0b5f
                                                                                                          0x02bd0b6a
                                                                                                          0x02bd0b6d
                                                                                                          0x02bd0b71
                                                                                                          0x02bd0b79
                                                                                                          0x02bd0b81
                                                                                                          0x02bd0b89
                                                                                                          0x02bd0b91
                                                                                                          0x02bd0b99
                                                                                                          0x02bd0ba9
                                                                                                          0x02bd0bb1
                                                                                                          0x02bd0bb4
                                                                                                          0x02bd0bb8
                                                                                                          0x02bd0bc0
                                                                                                          0x02bd0bc8
                                                                                                          0x02bd0bcd
                                                                                                          0x02bd0bd5
                                                                                                          0x02bd0bdd
                                                                                                          0x02bd0bea
                                                                                                          0x02bd0bf6
                                                                                                          0x02bd0bfb
                                                                                                          0x02bd0c01
                                                                                                          0x02bd0c09
                                                                                                          0x02bd0c11
                                                                                                          0x02bd0c19
                                                                                                          0x02bd0c21
                                                                                                          0x02bd0c29
                                                                                                          0x02bd0c31
                                                                                                          0x02bd0c3d
                                                                                                          0x02bd0c42
                                                                                                          0x02bd0c48
                                                                                                          0x02bd0c50
                                                                                                          0x02bd0c58
                                                                                                          0x02bd0c61
                                                                                                          0x02bd0c66
                                                                                                          0x02bd0c6c
                                                                                                          0x02bd0c74
                                                                                                          0x02bd0c7c
                                                                                                          0x02bd0c88
                                                                                                          0x02bd0c90
                                                                                                          0x02bd0c94
                                                                                                          0x02bd0c9c
                                                                                                          0x02bd0ca4
                                                                                                          0x02bd0cac
                                                                                                          0x02bd0cb4
                                                                                                          0x02bd0cbc
                                                                                                          0x02bd0cc4
                                                                                                          0x02bd0cc9
                                                                                                          0x02bd0cd1
                                                                                                          0x02bd0cd9
                                                                                                          0x02bd0cd9
                                                                                                          0x02bd0ce7
                                                                                                          0x02bd0d50
                                                                                                          0x02bd0d51
                                                                                                          0x02bd0d5a
                                                                                                          0x02bd0d5c
                                                                                                          0x02bd0d61
                                                                                                          0x02bd0d63
                                                                                                          0x00000000
                                                                                                          0x02bd0d63
                                                                                                          0x02bd0ce9
                                                                                                          0x02bd0cef
                                                                                                          0x02bd0d29
                                                                                                          0x02bd0d2e
                                                                                                          0x02bd0d33
                                                                                                          0x02bd0d35
                                                                                                          0x00000000
                                                                                                          0x02bd0d35
                                                                                                          0x02bd0cf1
                                                                                                          0x02bd0cf7
                                                                                                          0x00000000
                                                                                                          0x02bd0cfd
                                                                                                          0x02bd0cfd
                                                                                                          0x00000000
                                                                                                          0x02bd0cfd
                                                                                                          0x02bd0cf7
                                                                                                          0x02bd0cef
                                                                                                          0x00000000
                                                                                                          0x02bd0ce7
                                                                                                          0x02bd0d8e
                                                                                                          0x02bd0d93
                                                                                                          0x02bd0d96
                                                                                                          0x02bd0d9b
                                                                                                          0x02bd0d9b
                                                                                                          0x02bd0da8
                                                                                                          0x02bd0db0

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: i*_
                                                                                                          • API String ID: 0-4175851924
                                                                                                          • Opcode ID: 033916526ebd42fe384ae7de4cef2794808c9c5efeeb7d3c76fe8acba1a56522
                                                                                                          • Instruction ID: 9c7dddd57bf4c5cd5519f66f969c53646efbad150c277afd4f5377afc01453a2
                                                                                                          • Opcode Fuzzy Hash: 033916526ebd42fe384ae7de4cef2794808c9c5efeeb7d3c76fe8acba1a56522
                                                                                                          • Instruction Fuzzy Hash: 9B8151B21083409FD354CF61D98995BFBE2EBC4B58F40891DF9969A260D3B6CA49CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCC5D5, Relevance: 1.4, Strings: 1, Instructions: 194COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 77%
                                                                                                          			E02BCC5D5() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				short _t190;
				signed int _t195;
				void* _t198;
				void* _t217;
				intOrPtr _t220;
				void* _t221;
				short* _t222;
				void* _t223;
				short* _t224;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				void* _t232;

				_t220 =  *0x2bd6214; // 0x0
				_v28 = 0x163a95;
				_t221 = _t220 + 0x23c;
				_t198 = 0x1db3eac;
				_t225 = 0x2a;
				_v28 = _v28 * 0x43;
				_v28 = _v28 | 0x78fa3d4f;
				_v28 = _v28 + 0xb7b9;
				_v28 = _v28 ^ 0x7df609b0;
				_v36 = 0x641eba;
				_v36 = _v36 / _t225;
				_v36 = _v36 << 8;
				_v36 = _v36 ^ 0x02679a20;
				_v60 = 0x1f128d;
				_v60 = _v60 | 0x723f4715;
				_v60 = _v60 ^ 0x7234fc66;
				_v8 = 0xac331e;
				_v8 = _v8 ^ 0xe591128e;
				_v8 = _v8 << 4;
				_v8 = _v8 + 0xffffc28e;
				_v8 = _v8 ^ 0x53d02dfe;
				_v32 = 0x5bb4ea;
				_v32 = _v32 ^ 0xe8579be7;
				_v32 = _v32 + 0xffff04e9;
				_v32 = _v32 ^ 0xe8074079;
				_v40 = 0xd0bea7;
				_v40 = _v40 << 1;
				_t226 = 0x1d;
				_v40 = _v40 / _t226;
				_v40 = _v40 ^ 0x000c7110;
				_v64 = 0x41c151;
				_v64 = _v64 << 1;
				_v64 = _v64 ^ 0x00828c11;
				_v44 = 0x3034cc;
				_t227 = 0x1a;
				_v44 = _v44 / _t227;
				_v44 = _v44 + 0xffffde13;
				_v44 = _v44 ^ 0x000cb2d3;
				_v12 = 0xb1859b;
				_v12 = _v12 ^ 0xe04d3b3c;
				_t228 = 0x25;
				_v12 = _v12 * 7;
				_v12 = _v12 | 0x0065acf4;
				_v12 = _v12 ^ 0x26e71960;
				_v68 = 0x4e3808;
				_v68 = _v68 | 0x4ec02654;
				_v68 = _v68 ^ 0x4ec4b15d;
				_v48 = 0x7afa7b;
				_v48 = _v48 ^ 0xc20923f7;
				_v48 = _v48 / _t228;
				_v48 = _v48 ^ 0x0544c062;
				_v20 = 0x2ff9aa;
				_v20 = _v20 + 0xffffa865;
				_v20 = _v20 * 0x24;
				_v20 = _v20 + 0x4632;
				_v20 = _v20 ^ 0x06bd6615;
				_v16 = 0x2d8807;
				_v16 = _v16 * 0x5f;
				_v16 = _v16 << 3;
				_v16 = _v16 << 6;
				_v16 = _v16 ^ 0xcaf714e8;
				_v52 = 0xcb8ac1;
				_v52 = _v52 << 0xb;
				_v52 = _v52 >> 0xc;
				_v52 = _v52 ^ 0x000dc079;
				_v24 = 0xed824f;
				_v24 = _v24 + 0x6e9c;
				_t229 = 0x19;
				_v24 = _v24 / _t229;
				_v24 = _v24 >> 0x10;
				_v24 = _v24 ^ 0x00044037;
				_v56 = 0xd4fc47;
				_v56 = _v56 << 5;
				_v56 = _v56 << 0xb;
				_v56 = _v56 ^ 0xfc4a9c10;
				_v72 = 0x35720e;
				_v72 = _v72 ^ 0x5bf10d31;
				_v72 = _v72 ^ 0x5bc050cb;
				do {
					while(_t198 != 0x1db3eac) {
						if(_t198 == 0x2b86adf) {
							E02BBE404(_v56, 1, _v72, 3, _t221);
							 *((short*)(_t221 + 6)) = 0;
							return 0;
						}
						if(_t198 == 0x6ec99df) {
							_push(_t198);
							_push(_t198);
							_t230 = E02BCCCA0(4, 0x10);
							E02BBE404(_v52, 1, _v24, _t230, _t221);
							_t232 = _t232 + 0x1c;
							_t222 = _t221 + _t230 * 2;
							_t198 = 0x2b86adf;
							_t190 = 0x2e;
							 *_t222 = _t190;
							_t221 = _t222 + 2;
							continue;
						}
						if(_t198 != 0x6f740c2) {
							goto L8;
						}
						_push(_t198);
						_push(_t198);
						_t195 = E02BCCCA0(4, 0x10);
						_push(_t221);
						_push(1);
						_push(_v64);
						_t231 = _t195;
						_t217 = 2;
						E02BBE404(_v40, _t217);
						_t223 = _t221 + 2;
						E02BBE404(_v44, 1, _v12, _t231, _t223);
						_t232 = _t232 + 0x28;
						_t224 = _t223 + _t231 * 2;
						_t198 = 0x6ec99df;
						_t190 = 0x5c;
						 *_t224 = _t190;
						_t221 = _t224 + 2;
					}
					E02BBDC1B(_t198);
					_t198 = 0x6f740c2;
					L8:
				} while (_t198 != 0x41dad81);
				return _t190;
			}





































                                                                                                          0x02bcc5dd
                                                                                                          0x02bcc5e5
                                                                                                          0x02bcc5ec
                                                                                                          0x02bcc5f6
                                                                                                          0x02bcc5fd
                                                                                                          0x02bcc600
                                                                                                          0x02bcc603
                                                                                                          0x02bcc60a
                                                                                                          0x02bcc611
                                                                                                          0x02bcc618
                                                                                                          0x02bcc626
                                                                                                          0x02bcc629
                                                                                                          0x02bcc62d
                                                                                                          0x02bcc634
                                                                                                          0x02bcc63b
                                                                                                          0x02bcc642
                                                                                                          0x02bcc649
                                                                                                          0x02bcc650
                                                                                                          0x02bcc657
                                                                                                          0x02bcc65b
                                                                                                          0x02bcc662
                                                                                                          0x02bcc669
                                                                                                          0x02bcc670
                                                                                                          0x02bcc677
                                                                                                          0x02bcc67e
                                                                                                          0x02bcc685
                                                                                                          0x02bcc68c
                                                                                                          0x02bcc692
                                                                                                          0x02bcc697
                                                                                                          0x02bcc69c
                                                                                                          0x02bcc6a3
                                                                                                          0x02bcc6aa
                                                                                                          0x02bcc6ad
                                                                                                          0x02bcc6b4
                                                                                                          0x02bcc6be
                                                                                                          0x02bcc6c3
                                                                                                          0x02bcc6c8
                                                                                                          0x02bcc6cf
                                                                                                          0x02bcc6d6
                                                                                                          0x02bcc6dd
                                                                                                          0x02bcc6e8
                                                                                                          0x02bcc6e9
                                                                                                          0x02bcc6ec
                                                                                                          0x02bcc6f3
                                                                                                          0x02bcc6fa
                                                                                                          0x02bcc701
                                                                                                          0x02bcc708
                                                                                                          0x02bcc70f
                                                                                                          0x02bcc716
                                                                                                          0x02bcc722
                                                                                                          0x02bcc725
                                                                                                          0x02bcc72c
                                                                                                          0x02bcc733
                                                                                                          0x02bcc73e
                                                                                                          0x02bcc741
                                                                                                          0x02bcc748
                                                                                                          0x02bcc74f
                                                                                                          0x02bcc75a
                                                                                                          0x02bcc75d
                                                                                                          0x02bcc761
                                                                                                          0x02bcc767
                                                                                                          0x02bcc76e
                                                                                                          0x02bcc775
                                                                                                          0x02bcc779
                                                                                                          0x02bcc77d
                                                                                                          0x02bcc784
                                                                                                          0x02bcc78b
                                                                                                          0x02bcc797
                                                                                                          0x02bcc79a
                                                                                                          0x02bcc79d
                                                                                                          0x02bcc7a1
                                                                                                          0x02bcc7a8
                                                                                                          0x02bcc7af
                                                                                                          0x02bcc7b3
                                                                                                          0x02bcc7b7
                                                                                                          0x02bcc7be
                                                                                                          0x02bcc7c5
                                                                                                          0x02bcc7cc
                                                                                                          0x02bcc7d3
                                                                                                          0x02bcc7d3
                                                                                                          0x02bcc7e5
                                                                                                          0x02bcc8bb
                                                                                                          0x02bcc8c5
                                                                                                          0x00000000
                                                                                                          0x02bcc8c5
                                                                                                          0x02bcc7f1
                                                                                                          0x02bcc85e
                                                                                                          0x02bcc85f
                                                                                                          0x02bcc869
                                                                                                          0x02bcc876
                                                                                                          0x02bcc87b
                                                                                                          0x02bcc87e
                                                                                                          0x02bcc881
                                                                                                          0x02bcc888
                                                                                                          0x02bcc889
                                                                                                          0x02bcc88c
                                                                                                          0x00000000
                                                                                                          0x02bcc88c
                                                                                                          0x02bcc7f9
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02bcc80b
                                                                                                          0x02bcc80c
                                                                                                          0x02bcc811
                                                                                                          0x02bcc816
                                                                                                          0x02bcc817
                                                                                                          0x02bcc819
                                                                                                          0x02bcc81f
                                                                                                          0x02bcc823
                                                                                                          0x02bcc824
                                                                                                          0x02bcc829
                                                                                                          0x02bcc837
                                                                                                          0x02bcc83c
                                                                                                          0x02bcc83f
                                                                                                          0x02bcc842
                                                                                                          0x02bcc849
                                                                                                          0x02bcc84a
                                                                                                          0x02bcc84d
                                                                                                          0x02bcc84d
                                                                                                          0x02bcc897
                                                                                                          0x02bcc89c
                                                                                                          0x02bcc8a1
                                                                                                          0x02bcc8a1
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: <;M
                                                                                                          • API String ID: 0-164005337
                                                                                                          • Opcode ID: 73c5ab59f234005a8e2c877f5276a4308ac1b195ede0ca34095172c741866b4f
                                                                                                          • Instruction ID: bc32e609b2bb4c4c89982a5ca95b41f092834aa6c96538388abe292cbab5909d
                                                                                                          • Opcode Fuzzy Hash: 73c5ab59f234005a8e2c877f5276a4308ac1b195ede0ca34095172c741866b4f
                                                                                                          • Instruction Fuzzy Hash: 5A918971D01219EFCB18CFA5D98A9EEBBB1FF44310F20805AE516BB260C7B41A46CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB1F38, Relevance: 1.4, Strings: 1, Instructions: 134COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02BB1F38(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				char _v556;
				intOrPtr _v564;
				char _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				void* _t89;
				signed int _t97;
				intOrPtr _t102;
				signed int _t104;
				char* _t105;
				void* _t119;
				signed int* _t125;

				_push(E02BBE5C0);
				_push(_a4);
				_t102 = __ecx;
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t89);
				_v588 = 0xa9001c;
				_t125 =  &(( &_v624)[4]);
				_v588 = _v588 + 0xfffff841;
				_v588 = _v588 ^ 0x00a8f85f;
				_t119 = 0x7750dec;
				_v596 = 0x801276;
				_v596 = _v596 << 8;
				_v596 = _v596 ^ 0x801c5a8c;
				_v592 = 0xe5da65;
				_v592 = _v592 | 0x8d0ca196;
				_v592 = _v592 ^ 0x8de55992;
				_v612 = 0x74ea46;
				_v612 = _v612 >> 6;
				_v612 = _v612 | 0x4c0dce94;
				_v612 = _v612 ^ 0x4c0245c2;
				_v604 = 0x7f8ae0;
				_t104 = 0x6f;
				_v604 = _v604 / _t104;
				_v604 = _v604 + 0x431c;
				_v604 = _v604 ^ 0x0002d2ab;
				_v608 = 0x66ed0;
				_v608 = _v608 >> 5;
				_v608 = _v608 * 0x5a;
				_v608 = _v608 ^ 0x001395e3;
				_v620 = 0x99715e;
				_v620 = _v620 + 0xffff5a71;
				_v620 = _v620 << 0x10;
				_v620 = _v620 + 0xbf19;
				_v620 = _v620 ^ 0xcbc1aabc;
				_v624 = 0x2a4f9d;
				_v624 = _v624 | 0x7ed7085f;
				_v624 = _v624 + 0xffff4297;
				_v624 = _v624 | 0x5a00af06;
				_v624 = _v624 ^ 0x7efc78c9;
				_v600 = 0xb3c9ce;
				_v600 = _v600 + 0xffff4f2d;
				_v600 = _v600 ^ 0x00b0dce6;
				_t118 = _v600;
				_v616 = 0x17dc9d;
				_v616 = _v616 ^ 0xb350768a;
				_v616 = _v616 + 0xffff5841;
				_v616 = _v616 ^ 0xb3483330;
				do {
					while(_t119 != 0x26f316f) {
						if(_t119 == 0x4832572) {
							_v556 = 0x22c;
							_t105 =  &_v556;
							_t97 = E02BBBD23(_t105, _t118, _v612, _v604, _v608);
							_t125 =  &(_t125[3]);
							L12:
							asm("sbb esi, esi");
							_t119 = ( ~_t97 & 0xf2b580e0) + 0xfb9b08f;
							continue;
						}
						if(_t119 == 0x7750dec) {
							_v564 = _t102;
							_t119 = 0xecc24d5;
							continue;
						}
						if(_t119 == 0x88070fd) {
							_t97 = E02BD06EC(_v620, _t118, _v624,  &_v556);
							_pop(_t105);
							goto L12;
						}
						if(_t119 != 0xecc24d5) {
							if(_t119 == 0xfb9b08f) {
								return E02BD1538(_v600, _v616, _t118);
							}
							goto L18;
						}
						_push(_t105);
						_t97 = E02BB7603(_v588);
						_t118 = _t97;
						_t105 = _t105;
						__eflags = _t97 - 0xffffffff;
						if(__eflags != 0) {
							_t119 = 0x4832572;
							continue;
						}
						L8:
						return _t97;
					}
					__eflags = E02BBE5C0(__eflags,  &_v556,  &_v584);
					if(__eflags == 0) {
						_t119 = 0xfb9b08f;
						goto L18;
					} else {
						_t119 = 0x88070fd;
						continue;
					}
					goto L8;
					L18:
					__eflags = _t119 - 0x5c72449;
				} while (__eflags != 0);
				return _t97;
			}























                                                                                                          0x02bb1f42
                                                                                                          0x02bb1f47
                                                                                                          0x02bb1f4e
                                                                                                          0x02bb1f50
                                                                                                          0x02bb1f51
                                                                                                          0x02bb1f52
                                                                                                          0x02bb1f57
                                                                                                          0x02bb1f5f
                                                                                                          0x02bb1f62
                                                                                                          0x02bb1f6c
                                                                                                          0x02bb1f74
                                                                                                          0x02bb1f79
                                                                                                          0x02bb1f86
                                                                                                          0x02bb1f8b
                                                                                                          0x02bb1f93
                                                                                                          0x02bb1f9b
                                                                                                          0x02bb1fa3
                                                                                                          0x02bb1fab
                                                                                                          0x02bb1fb3
                                                                                                          0x02bb1fb8
                                                                                                          0x02bb1fc0
                                                                                                          0x02bb1fc8
                                                                                                          0x02bb1fd6
                                                                                                          0x02bb1fd9
                                                                                                          0x02bb1fdd
                                                                                                          0x02bb1fe5
                                                                                                          0x02bb1fed
                                                                                                          0x02bb1ff5
                                                                                                          0x02bb1fff
                                                                                                          0x02bb2003
                                                                                                          0x02bb200b
                                                                                                          0x02bb2013
                                                                                                          0x02bb201b
                                                                                                          0x02bb2020
                                                                                                          0x02bb2028
                                                                                                          0x02bb2030
                                                                                                          0x02bb2038
                                                                                                          0x02bb2040
                                                                                                          0x02bb2048
                                                                                                          0x02bb2050
                                                                                                          0x02bb2058
                                                                                                          0x02bb2060
                                                                                                          0x02bb2068
                                                                                                          0x02bb2070
                                                                                                          0x02bb2074
                                                                                                          0x02bb207c
                                                                                                          0x02bb2084
                                                                                                          0x02bb208c
                                                                                                          0x02bb2094
                                                                                                          0x02bb2094
                                                                                                          0x02bb20a6
                                                                                                          0x02bb2146
                                                                                                          0x02bb2152
                                                                                                          0x02bb215a
                                                                                                          0x02bb215f
                                                                                                          0x02bb211f
                                                                                                          0x02bb2123
                                                                                                          0x02bb212b
                                                                                                          0x00000000
                                                                                                          0x02bb212b
                                                                                                          0x02bb20b2
                                                                                                          0x02bb2132
                                                                                                          0x02bb2136
                                                                                                          0x00000000
                                                                                                          0x02bb2136
                                                                                                          0x02bb20ba
                                                                                                          0x02bb2118
                                                                                                          0x02bb211e
                                                                                                          0x00000000
                                                                                                          0x02bb211e
                                                                                                          0x02bb20c2
                                                                                                          0x02bb20c6
                                                                                                          0x00000000
                                                                                                          0x02bb20da
                                                                                                          0x00000000
                                                                                                          0x02bb20c6
                                                                                                          0x02bb20ee
                                                                                                          0x02bb20f4
                                                                                                          0x02bb20f9
                                                                                                          0x02bb20fc
                                                                                                          0x02bb20fd
                                                                                                          0x02bb2100
                                                                                                          0x02bb2102
                                                                                                          0x00000000
                                                                                                          0x02bb2102
                                                                                                          0x02bb20e5
                                                                                                          0x02bb20e5
                                                                                                          0x02bb20e5
                                                                                                          0x02bb2173
                                                                                                          0x02bb2175
                                                                                                          0x02bb2181
                                                                                                          0x00000000
                                                                                                          0x02bb2177
                                                                                                          0x02bb2177
                                                                                                          0x00000000
                                                                                                          0x02bb2177
                                                                                                          0x00000000
                                                                                                          0x02bb2183
                                                                                                          0x02bb2183
                                                                                                          0x02bb2183
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Ft
                                                                                                          • API String ID: 0-1468847975
                                                                                                          • Opcode ID: 3e5220916efc710175b65f3909c4b46f0011e5eedcbc86941e3a59c9c0d47011
                                                                                                          • Instruction ID: 53bdc480402bd6099c7131f93d302e08323748b87c7ca1a8849c57c91542b9ee
                                                                                                          • Opcode Fuzzy Hash: 3e5220916efc710175b65f3909c4b46f0011e5eedcbc86941e3a59c9c0d47011
                                                                                                          • Instruction Fuzzy Hash: B0518D729083018BC359DF24D88546BBBE1FF84728F144A5DF99AA6260D7B1CA49CF87
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCE1F8, Relevance: 1.4, Strings: 1, Instructions: 112COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02BCE1F8(signed int* __ecx, void* __edx, void* __eflags) {
				void* _t64;
				signed int _t73;
				short* _t92;
				signed int _t93;
				signed int _t99;
				unsigned int _t100;
				unsigned int _t101;
				signed int _t110;
				short* _t111;
				signed int* _t112;
				signed int* _t113;
				signed int _t114;
				signed int _t115;
				signed int _t116;
				unsigned int _t118;
				void* _t124;
				short _t126;
				void* _t128;
				void* _t130;

				_push( *(_t128 + 0x30));
				_push( *(_t128 + 0x30));
				_push( *(_t128 + 0x30));
				_push(__ecx);
				E02BCFE29(_t64);
				 *(_t128 + 0x28) = 0xaa6cff;
				_t112 =  &(__ecx[1]);
				 *(_t128 + 0x28) =  *(_t128 + 0x28) + 0x5a3e;
				 *(_t128 + 0x28) =  *(_t128 + 0x28) << 0xc;
				 *(_t128 + 0x28) =  *(_t128 + 0x28) ^ 0xac7afad8;
				 *(_t128 + 0x24) = 0xf23620;
				_t114 = 0x4f;
				 *(_t128 + 0x28) =  *(_t128 + 0x24) / _t114;
				_t115 = 0x1d;
				 *(_t128 + 0x28) =  *(_t128 + 0x28) / _t115;
				 *(_t128 + 0x28) =  *(_t128 + 0x28) ^ 0x0000f47a;
				 *(_t128 + 0x24) = 0x6765f0;
				 *(_t128 + 0x24) =  *(_t128 + 0x24) | 0x7b5bc89c;
				 *(_t128 + 0x24) =  *(_t128 + 0x24) >> 1;
				 *(_t128 + 0x24) =  *(_t128 + 0x24) ^ 0x3db51d28;
				 *(_t128 + 0x30) = 0xe89ec2;
				_t116 = 0x26;
				 *(_t128 + 0x2c) =  *(_t128 + 0x30) / _t116;
				 *(_t128 + 0x2c) =  *(_t128 + 0x2c) ^ 0x00078a4c;
				_t110 =  *__ecx;
				_t113 =  &(_t112[1]);
				_t73 =  *_t112 ^ _t110;
				 *(_t128 + 0x30) = _t110;
				 *(_t128 + 0x34) = _t73;
				_t118 =  !=  ? (_t73 + 0x00000001 & 0xfffffffc) + 4 : _t73 + 1;
				_t92 = E02BBC5D8(_t118 + _t118);
				_t130 = _t128 + 0x18;
				 *((intOrPtr*)(_t130 + 0x18)) = _t92;
				if(_t92 != 0) {
					_t126 = 0;
					_t111 = _t92;
					_t124 =  >  ? 0 :  &(_t113[_t118 >> 2]) - _t113 + 3 >> 2;
					if(_t124 != 0) {
						_t93 =  *(_t130 + 0x20);
						do {
							_t99 =  *_t113;
							_t113 =  &(_t113[1]);
							_t100 = _t99 ^ _t93;
							 *_t111 = _t100 & 0x000000ff;
							_t111 = _t111 + 8;
							 *((short*)(_t111 - 6)) = _t100 >> 0x00000008 & 0x000000ff;
							_t101 = _t100 >> 0x10;
							_t126 = _t126 + 1;
							 *((short*)(_t111 - 4)) = _t101 & 0x000000ff;
							 *((short*)(_t111 - 2)) = _t101 >> 0x00000008 & 0x000000ff;
						} while (_t126 < _t124);
						_t92 =  *((intOrPtr*)(_t130 + 0x1c));
					}
					 *((short*)(_t92 +  *(_t130 + 0x24) * 2)) = 0;
				}
				return _t92;
			}






















                                                                                                          0x02bce1fe
                                                                                                          0x02bce202
                                                                                                          0x02bce206
                                                                                                          0x02bce20b
                                                                                                          0x02bce20c
                                                                                                          0x02bce211
                                                                                                          0x02bce219
                                                                                                          0x02bce21c
                                                                                                          0x02bce226
                                                                                                          0x02bce22b
                                                                                                          0x02bce233
                                                                                                          0x02bce241
                                                                                                          0x02bce246
                                                                                                          0x02bce250
                                                                                                          0x02bce255
                                                                                                          0x02bce25b
                                                                                                          0x02bce263
                                                                                                          0x02bce26b
                                                                                                          0x02bce273
                                                                                                          0x02bce277
                                                                                                          0x02bce27f
                                                                                                          0x02bce28b
                                                                                                          0x02bce28e
                                                                                                          0x02bce292
                                                                                                          0x02bce29a
                                                                                                          0x02bce29e
                                                                                                          0x02bce2a1
                                                                                                          0x02bce2a3
                                                                                                          0x02bce2a7
                                                                                                          0x02bce2bb
                                                                                                          0x02bce2da
                                                                                                          0x02bce2dc
                                                                                                          0x02bce2df
                                                                                                          0x02bce2e5
                                                                                                          0x02bce2ed
                                                                                                          0x02bce2ef
                                                                                                          0x02bce300
                                                                                                          0x02bce305
                                                                                                          0x02bce307
                                                                                                          0x02bce30b
                                                                                                          0x02bce30b
                                                                                                          0x02bce30d
                                                                                                          0x02bce310
                                                                                                          0x02bce315
                                                                                                          0x02bce31d
                                                                                                          0x02bce323
                                                                                                          0x02bce327
                                                                                                          0x02bce330
                                                                                                          0x02bce331
                                                                                                          0x02bce338
                                                                                                          0x02bce33c
                                                                                                          0x02bce340
                                                                                                          0x02bce340
                                                                                                          0x02bce34b
                                                                                                          0x02bce34b
                                                                                                          0x02bce357

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: >Z
                                                                                                          • API String ID: 0-2342695272
                                                                                                          • Opcode ID: 8d1f742a32db50f7dddfc35a7796f107023b2d8a4909f84100ef567bcb9ec99c
                                                                                                          • Instruction ID: e80941ed762ca640657245267f7f515eaab5c1a81b95a41734dcbec4df332c3b
                                                                                                          • Opcode Fuzzy Hash: 8d1f742a32db50f7dddfc35a7796f107023b2d8a4909f84100ef567bcb9ec99c
                                                                                                          • Instruction Fuzzy Hash: 2C41A1726183119BC304DF29C48585BFBE1FFC8718F584A6EF889A7250D774E905CB96
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB55FF, Relevance: 1.4, Strings: 1, Instructions: 109COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02BB55FF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				void* _t75;
				void* _t84;
				signed int _t88;
				signed int _t89;
				void* _t92;
				intOrPtr _t109;
				signed int* _t112;

				_t108 = _a12;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t75);
				_v68 = 0x7ffd4d;
				_t109 = 0;
				_v64 = 0;
				_t112 =  &(( &_v96)[5]);
				_v80 = 0x808dec;
				_v80 = _v80 << 7;
				_t92 = 0x1c7cd09;
				_t88 = 0x24;
				_v80 = _v80 * 0x7a;
				_v80 = _v80 ^ 0xa1de2a47;
				_v84 = 0x460263;
				_v84 = _v84 + 0xffffc38b;
				_v84 = _v84 + 0xffffb2e6;
				_v84 = _v84 ^ 0x0042c6ce;
				_v88 = 0x2af47a;
				_v88 = _v88 + 0xfffff2b2;
				_v88 = _v88 ^ 0xf3d8a894;
				_v88 = _v88 ^ 0xf3ffbcf7;
				_v92 = 0xf8385b;
				_v92 = _v92 / _t88;
				_v92 = _v92 + 0xffff302a;
				_v92 = _v92 ^ 0x00085c4c;
				_v96 = 0xec2811;
				_t89 = 0x6c;
				_v96 = _v96 / _t89;
				_v96 = _v96 | 0xeb0c0969;
				_v96 = _v96 ^ 0x646fa875;
				_v96 = _v96 ^ 0x8f64cfef;
				_v72 = 0x6e85b8;
				_v72 = _v72 + 0x990a;
				_v72 = _v72 + 0xffff81c6;
				_v72 = _v72 ^ 0x00684c5c;
				_v76 = 0xd1f521;
				_v76 = _v76 | 0xdf7ffbcd;
				_v76 = _v76 ^ 0xdff37ac7;
				do {
					while(_t92 != 0x19e170b) {
						if(_t92 == 0x1c7cd09) {
							_t92 = 0x19e170b;
							continue;
						} else {
							if(_t92 == 0x305f804) {
								_t84 = E02BD2BF0(_v88,  &_v60, _v92, _v96, _t108);
								_t112 =  &(_t112[3]);
								__eflags = _t84;
								if(__eflags != 0) {
									_t92 = 0xecd5788;
									continue;
								}
							} else {
								_t117 = _t92 - 0xecd5788;
								if(_t92 != 0xecd5788) {
									goto L11;
								} else {
									E02BC9D3E( &_v60, _v72, _t117, _v76, _t108 + 0x24);
									_t109 =  !=  ? 1 : _t109;
								}
							}
						}
						L6:
						return _t109;
					}
					E02BB22A6(_a8, _v80,  &_v60, _v84);
					_t112 =  &(_t112[2]);
					_t92 = 0x305f804;
					L11:
					__eflags = _t92 - 0xfbce5f5;
				} while (__eflags != 0);
				goto L6;
			}




















                                                                                                          0x02bb5606
                                                                                                          0x02bb560a
                                                                                                          0x02bb560b
                                                                                                          0x02bb560f
                                                                                                          0x02bb5613
                                                                                                          0x02bb5614
                                                                                                          0x02bb5615
                                                                                                          0x02bb561a
                                                                                                          0x02bb5622
                                                                                                          0x02bb5624
                                                                                                          0x02bb5628
                                                                                                          0x02bb562b
                                                                                                          0x02bb5635
                                                                                                          0x02bb563a
                                                                                                          0x02bb564b
                                                                                                          0x02bb564e
                                                                                                          0x02bb5652
                                                                                                          0x02bb565a
                                                                                                          0x02bb5662
                                                                                                          0x02bb566a
                                                                                                          0x02bb5672
                                                                                                          0x02bb567a
                                                                                                          0x02bb5682
                                                                                                          0x02bb568a
                                                                                                          0x02bb5692
                                                                                                          0x02bb569a
                                                                                                          0x02bb56aa
                                                                                                          0x02bb56ae
                                                                                                          0x02bb56b6
                                                                                                          0x02bb56be
                                                                                                          0x02bb56ca
                                                                                                          0x02bb56d2
                                                                                                          0x02bb56d6
                                                                                                          0x02bb56de
                                                                                                          0x02bb56e6
                                                                                                          0x02bb56ee
                                                                                                          0x02bb56f6
                                                                                                          0x02bb56fe
                                                                                                          0x02bb5706
                                                                                                          0x02bb570e
                                                                                                          0x02bb5716
                                                                                                          0x02bb571e
                                                                                                          0x02bb5726
                                                                                                          0x02bb5726
                                                                                                          0x02bb5730
                                                                                                          0x02bb5788
                                                                                                          0x00000000
                                                                                                          0x02bb5732
                                                                                                          0x02bb5738
                                                                                                          0x02bb5778
                                                                                                          0x02bb577d
                                                                                                          0x02bb5780
                                                                                                          0x02bb5782
                                                                                                          0x02bb5784
                                                                                                          0x00000000
                                                                                                          0x02bb5784
                                                                                                          0x02bb573a
                                                                                                          0x02bb573a
                                                                                                          0x02bb573c
                                                                                                          0x00000000
                                                                                                          0x02bb573e
                                                                                                          0x02bb574e
                                                                                                          0x02bb575a
                                                                                                          0x02bb575a
                                                                                                          0x02bb573c
                                                                                                          0x02bb5738
                                                                                                          0x02bb575e
                                                                                                          0x02bb5766
                                                                                                          0x02bb5766
                                                                                                          0x02bb579d
                                                                                                          0x02bb57a2
                                                                                                          0x02bb57a5
                                                                                                          0x02bb57aa
                                                                                                          0x02bb57aa
                                                                                                          0x02bb57aa
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: \Lh
                                                                                                          • API String ID: 0-2235754405
                                                                                                          • Opcode ID: 63cd4f9c5a574e3e45a1960c735d5968b00aabc6b35dc1560b5b813faa8dd26e
                                                                                                          • Instruction ID: c6aa392737881d76a218286eef9e907b2d0b741d151e5dfa1eee41cf607169c1
                                                                                                          • Opcode Fuzzy Hash: 63cd4f9c5a574e3e45a1960c735d5968b00aabc6b35dc1560b5b813faa8dd26e
                                                                                                          • Instruction Fuzzy Hash: 6F419971208342CFD769CE21D88486BBBE5FFD8308F104A5DF5A592260E7B5CA09CB47
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBE640, Relevance: 1.4, Strings: 1, Instructions: 101COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 91%
                                                                                                          			E02BBE640(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				void* _t68;
				void* _t78;
				signed int _t79;
				void* _t82;
				void* _t97;
				signed int* _t100;

				_t96 = _a8;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t68);
				_v68 = 0x77f17d;
				_t100 =  &(( &_v88)[4]);
				_v68 = _v68 + 0xffffbc47;
				_v68 = _v68 ^ 0x007a21f6;
				_t97 = 0;
				_v76 = 0xd01664;
				_t82 = 0xf37e824;
				_t79 = 0x2a;
				_v76 = _v76 * 0x7b;
				_v76 = _v76 + 0xc6ac;
				_v76 = _v76 ^ 0x63f53bf0;
				_v84 = 0xca0bb3;
				_v84 = _v84 | 0xec4cd5b6;
				_v84 = _v84 ^ 0xa5b6880a;
				_v84 = _v84 + 0x809e;
				_v84 = _v84 ^ 0x497d3a42;
				_v72 = 0x505b1c;
				_v72 = _v72 | 0xf2745011;
				_v72 = _v72 ^ 0xf27af575;
				_v88 = 0x8ba087;
				_v88 = _v88 + 0x570e;
				_v88 = _v88 + 0xffffc480;
				_v88 = _v88 >> 5;
				_v88 = _v88 ^ 0x00062f0c;
				_v64 = 0x507489;
				_v64 = _v64 + 0x50d6;
				_v64 = _v64 ^ 0x0059b1d9;
				_v80 = 0x3c915f;
				_v80 = _v80 + 0xba86;
				_v80 = _v80 / _t79;
				_v80 = _v80 + 0x3cb0;
				_v80 = _v80 ^ 0x00080f7c;
				do {
					while(_t82 != 0x5422f69) {
						if(_t82 == 0xc053a7e) {
							__eflags = E02BC9D3E( &_v60, _v64, __eflags, _v80, _t96 + 4);
							_t97 =  !=  ? 1 : _t97;
						} else {
							if(_t82 == 0xe18d46d) {
								_t78 = E02BD2BF0(_v84,  &_v60, _v72, _v88, _t96);
								_t100 =  &(_t100[3]);
								__eflags = _t78;
								if(__eflags != 0) {
									_t82 = 0xc053a7e;
									continue;
								}
							} else {
								if(_t82 != 0xf37e824) {
									goto L9;
								} else {
									_t82 = 0x5422f69;
									continue;
								}
							}
						}
						L12:
						return _t97;
					}
					E02BB22A6(_a4, _v68,  &_v60, _v76);
					_t100 =  &(_t100[2]);
					_t82 = 0xe18d46d;
					L9:
					__eflags = _t82 - 0xc897eb;
				} while (__eflags != 0);
				goto L12;
			}

















                                                                                                          0x02bbe647
                                                                                                          0x02bbe64b
                                                                                                          0x02bbe64c
                                                                                                          0x02bbe650
                                                                                                          0x02bbe651
                                                                                                          0x02bbe652
                                                                                                          0x02bbe657
                                                                                                          0x02bbe65f
                                                                                                          0x02bbe662
                                                                                                          0x02bbe66c
                                                                                                          0x02bbe674
                                                                                                          0x02bbe676
                                                                                                          0x02bbe67e
                                                                                                          0x02bbe68f
                                                                                                          0x02bbe690
                                                                                                          0x02bbe694
                                                                                                          0x02bbe69c
                                                                                                          0x02bbe6a4
                                                                                                          0x02bbe6ac
                                                                                                          0x02bbe6b4
                                                                                                          0x02bbe6bc
                                                                                                          0x02bbe6c4
                                                                                                          0x02bbe6cc
                                                                                                          0x02bbe6d4
                                                                                                          0x02bbe6dc
                                                                                                          0x02bbe6e4
                                                                                                          0x02bbe6ec
                                                                                                          0x02bbe6f4
                                                                                                          0x02bbe6fc
                                                                                                          0x02bbe701
                                                                                                          0x02bbe709
                                                                                                          0x02bbe711
                                                                                                          0x02bbe719
                                                                                                          0x02bbe721
                                                                                                          0x02bbe729
                                                                                                          0x02bbe73c
                                                                                                          0x02bbe740
                                                                                                          0x02bbe748
                                                                                                          0x02bbe750
                                                                                                          0x02bbe750
                                                                                                          0x02bbe756
                                                                                                          0x02bbe7cf
                                                                                                          0x02bbe7d1
                                                                                                          0x02bbe758
                                                                                                          0x02bbe75e
                                                                                                          0x02bbe77d
                                                                                                          0x02bbe782
                                                                                                          0x02bbe785
                                                                                                          0x02bbe787
                                                                                                          0x02bbe789
                                                                                                          0x00000000
                                                                                                          0x02bbe789
                                                                                                          0x02bbe760
                                                                                                          0x02bbe766
                                                                                                          0x00000000
                                                                                                          0x02bbe768
                                                                                                          0x02bbe768
                                                                                                          0x00000000
                                                                                                          0x02bbe768
                                                                                                          0x02bbe766
                                                                                                          0x02bbe75e
                                                                                                          0x02bbe7d5
                                                                                                          0x02bbe7dd
                                                                                                          0x02bbe7dd
                                                                                                          0x02bbe79e
                                                                                                          0x02bbe7a3
                                                                                                          0x02bbe7a6
                                                                                                          0x02bbe7ab
                                                                                                          0x02bbe7ab
                                                                                                          0x02bbe7ab
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: B:}I
                                                                                                          • API String ID: 0-2889142627
                                                                                                          • Opcode ID: 6ed0f2fc26554ae44f1383b8ba90fd9ece13569b3829980cc3403a361e899453
                                                                                                          • Instruction ID: e0fc7ed4f3514dbae5bbc309b0c6fc2acafc84021a186da988b7221e9d3dcb56
                                                                                                          • Opcode Fuzzy Hash: 6ed0f2fc26554ae44f1383b8ba90fd9ece13569b3829980cc3403a361e899453
                                                                                                          • Instruction Fuzzy Hash: 8C41A9715083429BD758CE21D98586FBBE5FFC4718F50091DF682922A0D7B5CA09CF93
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC0ABA, Relevance: 1.3, Strings: 1, Instructions: 97COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 84%
                                                                                                          			E02BC0ABA(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				void* _t98;
				signed int _t104;
				signed int _t105;
				intOrPtr _t116;

				_push(0x104);
				_push(_a16);
				_v44 = 0x104;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(0x104);
				_v56 = 0x2049f9;
				_t116 = 0;
				_v52 = 0;
				_v48 = 0;
				_v20 = 0xeb153a;
				_v20 = _v20 | 0xe521a998;
				_v20 = _v20 >> 0xe;
				_v20 = _v20 ^ 0x000387ae;
				_v32 = 0xc4823f;
				_v32 = _v32 + 0xd346;
				_v32 = _v32 ^ 0x00c87855;
				_v28 = 0x319d41;
				_v28 = _v28 >> 0x10;
				_v28 = _v28 ^ 0x000ba15b;
				_v16 = 0x4743d7;
				_t104 = 0x54;
				_v16 = _v16 / _t104;
				_v16 = _v16 ^ 0xf604c8f9;
				_v16 = _v16 ^ 0xf6068564;
				_v24 = 0x18550b;
				_v24 = _v24 ^ 0x1069247b;
				_t105 = 5;
				_v24 = _v24 / _t105;
				_v24 = _v24 ^ 0x03437d28;
				_v36 = 0xafe78e;
				_v36 = _v36 << 8;
				_v36 = _v36 ^ 0xafe5259b;
				_v8 = 0xc66a38;
				_v8 = _v8 ^ 0x50a68901;
				_v8 = _v8 ^ 0x40045619;
				_v8 = _v8 * 0x15;
				_v8 = _v8 ^ 0x584c57e2;
				_v12 = 0xdb79dc;
				_v12 = _v12 << 0xa;
				_v12 = _v12 << 3;
				_v12 = _v12 ^ 0x1655447b;
				_v12 = _v12 ^ 0x796b06cf;
				_v40 = 0x1393c;
				_v40 = _v40 + 0x9e03;
				_v40 = _v40 ^ 0x000e16cd;
				_t98 = E02BCF790(_t105, _a12, _v20);
				_t115 = _t98;
				if(_t98 != 0) {
					_t116 = E02BBDAAA(_t115, _v24, _v36, _a8, _v8, _t105,  &_v44);
					E02BD1538(_v12, _v40, _t115);
				}
				return _t116;
			}




















                                                                                                          0x02bc0ac7
                                                                                                          0x02bc0ac8
                                                                                                          0x02bc0acb
                                                                                                          0x02bc0ace
                                                                                                          0x02bc0ad1
                                                                                                          0x02bc0ad4
                                                                                                          0x02bc0ad7
                                                                                                          0x02bc0ad8
                                                                                                          0x02bc0ad9
                                                                                                          0x02bc0ade
                                                                                                          0x02bc0ae5
                                                                                                          0x02bc0ae7
                                                                                                          0x02bc0aec
                                                                                                          0x02bc0aef
                                                                                                          0x02bc0af6
                                                                                                          0x02bc0afd
                                                                                                          0x02bc0b01
                                                                                                          0x02bc0b08
                                                                                                          0x02bc0b0f
                                                                                                          0x02bc0b16
                                                                                                          0x02bc0b1d
                                                                                                          0x02bc0b24
                                                                                                          0x02bc0b28
                                                                                                          0x02bc0b2f
                                                                                                          0x02bc0b3b
                                                                                                          0x02bc0b40
                                                                                                          0x02bc0b45
                                                                                                          0x02bc0b4c
                                                                                                          0x02bc0b53
                                                                                                          0x02bc0b5a
                                                                                                          0x02bc0b64
                                                                                                          0x02bc0b6a
                                                                                                          0x02bc0b6d
                                                                                                          0x02bc0b74
                                                                                                          0x02bc0b7b
                                                                                                          0x02bc0b7f
                                                                                                          0x02bc0b86
                                                                                                          0x02bc0b8d
                                                                                                          0x02bc0b94
                                                                                                          0x02bc0b9f
                                                                                                          0x02bc0ba2
                                                                                                          0x02bc0ba9
                                                                                                          0x02bc0bb0
                                                                                                          0x02bc0bb4
                                                                                                          0x02bc0bb8
                                                                                                          0x02bc0bbf
                                                                                                          0x02bc0bc6
                                                                                                          0x02bc0bcd
                                                                                                          0x02bc0bd4
                                                                                                          0x02bc0beb
                                                                                                          0x02bc0bf0
                                                                                                          0x02bc0bf7
                                                                                                          0x02bc0c14
                                                                                                          0x02bc0c1a
                                                                                                          0x02bc0c1f
                                                                                                          0x02bc0c29

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: WLX
                                                                                                          • API String ID: 0-2077286540
                                                                                                          • Opcode ID: b94b1f32627560e7e3bebf5b4d80886b5e9b19d90dbb90a2e0b071273a2a2c24
                                                                                                          • Instruction ID: 730bbbabae28ad4058359e14628d97104abc6a91f8551c8a0bf659e0842349f1
                                                                                                          • Opcode Fuzzy Hash: b94b1f32627560e7e3bebf5b4d80886b5e9b19d90dbb90a2e0b071273a2a2c24
                                                                                                          • Instruction Fuzzy Hash: 4341E1B1D0120DEBCF05DFA5D94A8EEBBB6FB48314F208199E916B7210D3B54A55CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCFBDE, Relevance: 1.3, Strings: 1, Instructions: 95COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BCFBDE() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _t97;
				void* _t99;
				intOrPtr _t100;
				signed int _t108;
				signed int _t109;
				void* _t111;

				_v44 = _v44 & 0x00000000;
				_v40 = _v40 & 0x00000000;
				_v48 = 0xd22319;
				_v20 = 0x8c11a4;
				_v20 = _v20 ^ 0x18a8aba7;
				_t108 = 0xa;
				_v20 = _v20 / _t108;
				_v20 = _v20 ^ 0x026f5dce;
				_v16 = 0xc2c77c;
				_t99 = 0xb09cdbf;
				_v16 = _v16 | 0x0f3eeb6c;
				_t109 = 0x25;
				_v16 = _v16 / _t109;
				_v16 = _v16 * 0x35;
				_v16 = _v16 ^ 0x16ecca7d;
				_v12 = 0x9a8850;
				_v12 = _v12 * 0x3d;
				_v12 = _v12 + 0xffff2448;
				_v12 = _v12 + 0xffff902b;
				_v12 = _v12 ^ 0x24dbb777;
				_v8 = 0xd2df60;
				_v8 = _v8 + 0xffff203f;
				_v8 = _v8 | 0xa0e0e7e8;
				_v8 = _v8 << 6;
				_v8 = _v8 ^ 0x3c71d6f5;
				_v32 = 0x56890f;
				_v32 = _v32 << 0xa;
				_v32 = _v32 + 0x42ee;
				_v32 = _v32 ^ 0x5a20a45b;
				_v28 = 0x745af2;
				_v28 = _v28 + 0x7057;
				_v28 = _v28 * 0x1d;
				_v28 = _v28 ^ 0x0d34271a;
				_v36 = 0xe2682;
				_v36 = _v36 >> 3;
				_v36 = _v36 ^ 0x000bc26f;
				_v24 = 0x784a24;
				_v24 = _v24 + 0x8efc;
				_v24 = _v24 >> 6;
				_v24 = _v24 ^ 0x000a24d7;
				do {
					while(_t99 != 0x4881f76) {
						if(_t99 == 0xb09cdbf) {
							_push(_t99);
							_push(_t99);
							_t97 = E02BBC5D8(0x124);
							_t111 = _t111 + 0xc;
							 *0x2bd621c = _t97;
							_t99 = 0x4881f76;
							continue;
						}
						goto L5;
					}
					_t100 =  *0x2bd621c; // 0x0
					E02BC9DF5(_t100 + 4, _v32, _v28, _v36, _v24);
					_t111 = _t111 + 0xc;
					_t99 = 0x6dda74a;
					L5:
				} while (_t99 != 0x6dda74a);
				return 1;
			}




















                                                                                                          0x02bcfbe4
                                                                                                          0x02bcfbea
                                                                                                          0x02bcfbee
                                                                                                          0x02bcfbf5
                                                                                                          0x02bcfbfc
                                                                                                          0x02bcfc0b
                                                                                                          0x02bcfc10
                                                                                                          0x02bcfc15
                                                                                                          0x02bcfc21
                                                                                                          0x02bcfc28
                                                                                                          0x02bcfc2a
                                                                                                          0x02bcfc39
                                                                                                          0x02bcfc41
                                                                                                          0x02bcfc48
                                                                                                          0x02bcfc4b
                                                                                                          0x02bcfc52
                                                                                                          0x02bcfc5d
                                                                                                          0x02bcfc60
                                                                                                          0x02bcfc67
                                                                                                          0x02bcfc6e
                                                                                                          0x02bcfc75
                                                                                                          0x02bcfc7c
                                                                                                          0x02bcfc83
                                                                                                          0x02bcfc8a
                                                                                                          0x02bcfc8e
                                                                                                          0x02bcfc95
                                                                                                          0x02bcfc9c
                                                                                                          0x02bcfca0
                                                                                                          0x02bcfca7
                                                                                                          0x02bcfcae
                                                                                                          0x02bcfcb5
                                                                                                          0x02bcfcc0
                                                                                                          0x02bcfcc3
                                                                                                          0x02bcfcca
                                                                                                          0x02bcfcd1
                                                                                                          0x02bcfcd5
                                                                                                          0x02bcfcdc
                                                                                                          0x02bcfce3
                                                                                                          0x02bcfcea
                                                                                                          0x02bcfcee
                                                                                                          0x02bcfcf5
                                                                                                          0x02bcfcf5
                                                                                                          0x02bcfcfb
                                                                                                          0x02bcfd09
                                                                                                          0x02bcfd0a
                                                                                                          0x02bcfd10
                                                                                                          0x02bcfd15
                                                                                                          0x02bcfd18
                                                                                                          0x02bcfd1d
                                                                                                          0x00000000
                                                                                                          0x02bcfd1d
                                                                                                          0x00000000
                                                                                                          0x02bcfcfb
                                                                                                          0x02bcfd2a
                                                                                                          0x02bcfd36
                                                                                                          0x02bcfd3b
                                                                                                          0x02bcfd3e
                                                                                                          0x02bcfd40
                                                                                                          0x02bcfd40
                                                                                                          0x02bcfd4d

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $Jx
                                                                                                          • API String ID: 0-2488101295
                                                                                                          • Opcode ID: 797f5407b77025c8b07c99b2fa1ac0f47483c528432d5323400173577c02a8ee
                                                                                                          • Instruction ID: d24f9b699d9802f5eef0c0b196da9d7a8f422c1d892b716dd251b428a6dfbd10
                                                                                                          • Opcode Fuzzy Hash: 797f5407b77025c8b07c99b2fa1ac0f47483c528432d5323400173577c02a8ee
                                                                                                          • Instruction Fuzzy Hash: 98411471E0021AEBDF08CFA5D98A5EEBBB1FB44318F20819DD512B7250D7B85A49CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB7078, Relevance: 1.3, Strings: 1, Instructions: 94COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 34%
                                                                                                          			E02BB7078(void* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _t109;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				signed int _t116;
				signed int _t117;
				signed int _t118;
				void* _t132;
				void* _t133;
				signed int _t134;

				_v12 = 0x8f98c8;
				_v12 = _v12 >> 1;
				_v12 = _v12 << 0x10;
				_v12 = _v12 ^ 0x6b25fb67;
				_v12 = _v12 ^ 0xa7412f1a;
				_v8 = 0xcf53a8;
				_v8 = _v8 + 0xffff4190;
				_v8 = _v8 << 6;
				_v8 = _v8 ^ 0xcc79c588;
				_v8 = _v8 ^ 0xffd9b9f8;
				_v32 = 0xdc21b3;
				_t133 = __ecx;
				_t113 = 0x53;
				_v32 = _v32 / _t113;
				_v32 = _v32 ^ 0x0002aeef;
				_v20 = 0xa54b66;
				_t114 = 0x25;
				_v20 = _v20 / _t114;
				_v20 = _v20 << 4;
				_v20 = _v20 ^ 0x00488e30;
				_v28 = 0xf9718f;
				_v28 = _v28 | 0xd1e9f83c;
				_v28 = _v28 + 0xbce;
				_v28 = _v28 ^ 0xd1f9aa01;
				_v16 = 0x596927;
				_t115 = 0x70;
				_v16 = _v16 / _t115;
				_t116 = 0x65;
				_v16 = _v16 / _t116;
				_t117 = 0x1e;
				_v16 = _v16 / _t117;
				_v16 = _v16 ^ 0x0002780a;
				_v24 = 0x48f141;
				_v24 = _v24 << 0xe;
				_v24 = _v24 >> 1;
				_v24 = _v24 ^ 0x1e282004;
				_v36 = 0x9232a3;
				_t118 = 0x42;
				_push(_t118);
				_v36 = _v36 / _t118;
				_v36 = _v36 ^ 0x00023701;
				_push(_t118);
				_t109 = E02BCCCA0(_v24, _v36);
				_push(_t133);
				_t134 = _t109;
				_push(_t134);
				_push(_v16);
				_t132 = 3;
				E02BBE404(_v28, _t132);
				 *((short*)(_t133 + _t134 * 2)) = 0;
				return 0;
			}





















                                                                                                          0x02bb707e
                                                                                                          0x02bb7087
                                                                                                          0x02bb708a
                                                                                                          0x02bb708e
                                                                                                          0x02bb7095
                                                                                                          0x02bb709c
                                                                                                          0x02bb70a3
                                                                                                          0x02bb70aa
                                                                                                          0x02bb70ae
                                                                                                          0x02bb70b5
                                                                                                          0x02bb70bc
                                                                                                          0x02bb70ca
                                                                                                          0x02bb70cc
                                                                                                          0x02bb70d1
                                                                                                          0x02bb70d6
                                                                                                          0x02bb70dd
                                                                                                          0x02bb70e7
                                                                                                          0x02bb70ec
                                                                                                          0x02bb70f1
                                                                                                          0x02bb70f5
                                                                                                          0x02bb70fc
                                                                                                          0x02bb7103
                                                                                                          0x02bb710a
                                                                                                          0x02bb7111
                                                                                                          0x02bb7118
                                                                                                          0x02bb7122
                                                                                                          0x02bb7127
                                                                                                          0x02bb712f
                                                                                                          0x02bb7134
                                                                                                          0x02bb713c
                                                                                                          0x02bb7141
                                                                                                          0x02bb7146
                                                                                                          0x02bb714d
                                                                                                          0x02bb7154
                                                                                                          0x02bb7158
                                                                                                          0x02bb715b
                                                                                                          0x02bb7162
                                                                                                          0x02bb716c
                                                                                                          0x02bb716f
                                                                                                          0x02bb7170
                                                                                                          0x02bb7173
                                                                                                          0x02bb7186
                                                                                                          0x02bb718d
                                                                                                          0x02bb7192
                                                                                                          0x02bb7193
                                                                                                          0x02bb7195
                                                                                                          0x02bb7196
                                                                                                          0x02bb719b
                                                                                                          0x02bb719f
                                                                                                          0x02bb71a9
                                                                                                          0x02bb71b2

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 'iY
                                                                                                          • API String ID: 0-1691070665
                                                                                                          • Opcode ID: 6788c65911eecd76a1228675ca9b2fbe269b5cbae0b502254479bb4ad135f5f6
                                                                                                          • Instruction ID: 87c1430d114b600a355247adb4cd4d6dffde3ca66de11a3d8813e74277f1d280
                                                                                                          • Opcode Fuzzy Hash: 6788c65911eecd76a1228675ca9b2fbe269b5cbae0b502254479bb4ad135f5f6
                                                                                                          • Instruction Fuzzy Hash: DE411372E00219EBEF08DFA5D94A9EEFBB2FB44304F208059D515BB290D7B55A15CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC6187, Relevance: 1.3, Strings: 1, Instructions: 71COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02BC6187(void* __ecx) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				void* _t52;
				void* _t56;
				void* _t58;
				void* _t59;
				void* _t61;
				intOrPtr _t62;
				signed int* _t64;

				_t58 = __ecx;
				_t64 =  &_v36;
				_v12 = 0x9a6334;
				_t59 = 0x428baaa;
				_v8 = 0x1104ea;
				_t62 = 0;
				_v4 = 0;
				_v28 = 0xb15b0c;
				_t61 = __ecx;
				_v28 = _v28 * 0x1d;
				_v28 = _v28 ^ 0xf86649d6;
				_v28 = _v28 ^ 0xec767c96;
				_v36 = 0x38db19;
				_v36 = _v36 ^ 0x5bdda26a;
				_v36 = _v36 + 0xffff005e;
				_v36 = _v36 | 0xaa371973;
				_v36 = _v36 ^ 0xfbf0c1f1;
				_v32 = 0x2e8edf;
				_v32 = _v32 | 0x3500a324;
				_v32 = _v32 ^ 0x353f0f34;
				_v32 = _v32 >> 0xd;
				_v32 = _v32 ^ 0x000af409;
				_v16 = 0xfc04c2;
				_v16 = _v16 >> 0xe;
				_v16 = _v16 ^ 0x000f83ee;
				_v20 = 0xce9672;
				_v20 = _v20 | 0xcae5864f;
				_v20 = _v20 ^ 0xcae41209;
				_v24 = 0x20b296;
				_v24 = _v24 | 0x98e19d34;
				_v24 = _v24 ^ 0x98e5764e;
				do {
					while(_t59 != 0x2638d08) {
						if(_t59 == 0x428baaa) {
							_t59 = 0x994f089;
							continue;
						} else {
							if(_t59 == 0x994f089) {
								_push(_t58);
								_t56 = E02BC07F0();
								_t64 =  &(_t64[1]);
								_t59 = 0x2638d08;
								_t62 = _t62 + _t56;
								continue;
							}
						}
						goto L7;
					}
					_t58 = _t61 + 4;
					_t52 = E02BCBE8C(_t58, _v32, _v16, _v20, _v24);
					_t64 =  &(_t64[3]);
					_t59 = 0xb7af90a;
					_t62 = _t62 + _t52;
					L7:
				} while (_t59 != 0xb7af90a);
				return _t62;
			}



















                                                                                                          0x02bc6187
                                                                                                          0x02bc6187
                                                                                                          0x02bc618a
                                                                                                          0x02bc6192
                                                                                                          0x02bc6197
                                                                                                          0x02bc61a2
                                                                                                          0x02bc61a9
                                                                                                          0x02bc61b2
                                                                                                          0x02bc61c0
                                                                                                          0x02bc61c2
                                                                                                          0x02bc61c6
                                                                                                          0x02bc61ce
                                                                                                          0x02bc61d6
                                                                                                          0x02bc61de
                                                                                                          0x02bc61e6
                                                                                                          0x02bc61ee
                                                                                                          0x02bc61f6
                                                                                                          0x02bc61fe
                                                                                                          0x02bc6206
                                                                                                          0x02bc620e
                                                                                                          0x02bc6216
                                                                                                          0x02bc621b
                                                                                                          0x02bc6223
                                                                                                          0x02bc622b
                                                                                                          0x02bc6230
                                                                                                          0x02bc6238
                                                                                                          0x02bc6240
                                                                                                          0x02bc6248
                                                                                                          0x02bc6250
                                                                                                          0x02bc6258
                                                                                                          0x02bc6260
                                                                                                          0x02bc6268
                                                                                                          0x02bc6268
                                                                                                          0x02bc6272
                                                                                                          0x02bc628f
                                                                                                          0x00000000
                                                                                                          0x02bc6274
                                                                                                          0x02bc6276
                                                                                                          0x02bc6280
                                                                                                          0x02bc6281
                                                                                                          0x02bc6286
                                                                                                          0x02bc6289
                                                                                                          0x02bc628b
                                                                                                          0x00000000
                                                                                                          0x02bc628b
                                                                                                          0x02bc6276
                                                                                                          0x00000000
                                                                                                          0x02bc6272
                                                                                                          0x02bc6297
                                                                                                          0x02bc62a6
                                                                                                          0x02bc62ab
                                                                                                          0x02bc62ae
                                                                                                          0x02bc62b3
                                                                                                          0x02bc62b5
                                                                                                          0x02bc62b5
                                                                                                          0x02bc62c6

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ^
                                                                                                          • API String ID: 0-1590793086
                                                                                                          • Opcode ID: 15f427db74853c52db19e36ecd5d1196a4b9b3c1a225ff2705a6343ab6a06753
                                                                                                          • Instruction ID: 1ff5bb60dd4e7a256dea2c757433f39e81bf5619dcfbd8b120a80c597500f5c9
                                                                                                          • Opcode Fuzzy Hash: 15f427db74853c52db19e36ecd5d1196a4b9b3c1a225ff2705a6343ab6a06753
                                                                                                          • Instruction Fuzzy Hash: 723156722093428FC718CF24958540FBBE5FBD4748F104A2DF596A6224D3B5DA1ACB93
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCCAD5, Relevance: 1.3, Strings: 1, Instructions: 69COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02BCCAD5(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				void* _t69;
				intOrPtr _t76;
				signed int _t78;
				signed int _t86;
				intOrPtr* _t87;

				_t87 = _a8;
				_t86 = _a12;
				_push(_t86);
				_push(_t87);
				_push(_a4);
				E02BCFE29(_t69);
				_v32 = _v32 & 0x00000000;
				_v28 = _v28 & 0x00000000;
				_v36 = 0xc93ec5;
				_a8 = 0xcab84b;
				_a8 = _a8 >> 1;
				_a8 = _a8 | 0xee18e3b9;
				_a8 = _a8 ^ 0xee71da74;
				_v16 = 0x1dfffe;
				_v16 = _v16 | 0x90f94c10;
				_v16 = _v16 ^ 0x90ff99a5;
				_v12 = 0xe4edc;
				_v12 = _v12 ^ 0xcefa836b;
				_v12 = _v12 ^ 0xcefa5bee;
				_a12 = 0xedd33e;
				_a12 = _a12 ^ 0xf7b2c6ca;
				_a12 = _a12 | 0xdc5ffd20;
				_a12 = _a12 ^ 0xadaf2279;
				_a12 = _a12 ^ 0x52f8ee07;
				_v8 = 0x14e12c;
				_t78 = 6;
				_v8 = _v8 * 0xa;
				_v8 = _v8 / _t78;
				_v8 = _v8 ^ 0x002f50e1;
				_v24 = 0x3584ef;
				_v24 = _v24 ^ 0xd7b39bf3;
				_v24 = _v24 ^ 0xd7855a87;
				_v20 = 0x11ef3f;
				_v20 = _v20 ^ 0xad5d4e81;
				_v20 = _v20 ^ 0xad432fff;
				E02BC0A90(_a8, _v16, _v12, _t86, _a12,  *((intOrPtr*)(_t87 + 4)));
				E02BCC9B0(_v8,  *((intOrPtr*)(_t86 + 0x34)), _v24,  *((intOrPtr*)(_t87 + 4)),  *_t87, _v20);
				_t76 =  *((intOrPtr*)(_t87 + 4));
				 *((intOrPtr*)(_t86 + 0x34)) =  *((intOrPtr*)(_t86 + 0x34)) + _t76;
				return _t76;
			}
















                                                                                                          0x02bccadc
                                                                                                          0x02bccae0
                                                                                                          0x02bccae3
                                                                                                          0x02bccae4
                                                                                                          0x02bccae5
                                                                                                          0x02bccaea
                                                                                                          0x02bccaef
                                                                                                          0x02bccaf5
                                                                                                          0x02bccaf9
                                                                                                          0x02bccb00
                                                                                                          0x02bccb07
                                                                                                          0x02bccb0a
                                                                                                          0x02bccb11
                                                                                                          0x02bccb18
                                                                                                          0x02bccb1f
                                                                                                          0x02bccb26
                                                                                                          0x02bccb2d
                                                                                                          0x02bccb34
                                                                                                          0x02bccb3b
                                                                                                          0x02bccb42
                                                                                                          0x02bccb49
                                                                                                          0x02bccb50
                                                                                                          0x02bccb57
                                                                                                          0x02bccb5e
                                                                                                          0x02bccb65
                                                                                                          0x02bccb72
                                                                                                          0x02bccb73
                                                                                                          0x02bccb7b
                                                                                                          0x02bccb7e
                                                                                                          0x02bccb85
                                                                                                          0x02bccb8c
                                                                                                          0x02bccb93
                                                                                                          0x02bccb9a
                                                                                                          0x02bccba1
                                                                                                          0x02bccba8
                                                                                                          0x02bccbbf
                                                                                                          0x02bccbd5
                                                                                                          0x02bccbda
                                                                                                          0x02bccbe0
                                                                                                          0x02bccbe8

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: P/
                                                                                                          • API String ID: 0-4116444305
                                                                                                          • Opcode ID: 6f020d937ebaa896c9d230a2bf1ecbcee9e07464a67b9e6fe3dda2eabbf40348
                                                                                                          • Instruction ID: 8addaa5a1a61f8d91d38597ed6801bfacd42e7dbd09e52d1d0caf69a7ddd72be
                                                                                                          • Opcode Fuzzy Hash: 6f020d937ebaa896c9d230a2bf1ecbcee9e07464a67b9e6fe3dda2eabbf40348
                                                                                                          • Instruction Fuzzy Hash: FE31347190130AEFCF18CFA1CA0699EBBB1FF44304F208549E926A6220C3B59B61DF81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BD2B09, Relevance: 1.3, Strings: 1, Instructions: 57COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 85%
                                                                                                          			E02BD2B09(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _t59;
				signed int _t68;
				void* _t74;

				_push(_a8);
				_t74 = __edx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t59);
				_v8 = 0x93d6ec;
				_v8 = _v8 << 7;
				_v8 = _v8 + 0xffff3f9a;
				_v8 = _v8 >> 0xb;
				_v8 = _v8 ^ 0x00010f7f;
				_v16 = 0x446197;
				_v16 = _v16 >> 4;
				_v16 = _v16 + 0xffff9430;
				_v16 = _v16 ^ 0x00039bf5;
				_v12 = 0x6cea88;
				_v12 = _v12 >> 1;
				_t68 = 0x54;
				_v12 = _v12 / _t68;
				_v12 = _v12 + 0x3de4;
				_v12 = _v12 ^ 0x00083458;
				_v20 = 0x13246e;
				_v20 = _v20 << 0xf;
				_v20 = _v20 << 0xf;
				_v20 = _v20 ^ 0x800a585e;
				_v20 = 0x9dc8c5;
				_v20 = _v20 + 0xe5f4;
				_v20 = _v20 + 0xffffcd2d;
				_v20 = _v20 ^ 0x00910c57;
				_v12 = 0x6d0957;
				_v12 = _v12 << 1;
				_v12 = _v12 ^ 0xc39cd689;
				_v12 = _v12 ^ 0x6e460985;
				_v12 = _v12 ^ 0xad0dfd5a;
				return E02BC0C2A(E02BD28EB(), _v20, _t68, _v12, _t74);
			}










                                                                                                          0x02bd2b10
                                                                                                          0x02bd2b13
                                                                                                          0x02bd2b15
                                                                                                          0x02bd2b18
                                                                                                          0x02bd2b19
                                                                                                          0x02bd2b1a
                                                                                                          0x02bd2b1f
                                                                                                          0x02bd2b29
                                                                                                          0x02bd2b2f
                                                                                                          0x02bd2b36
                                                                                                          0x02bd2b3a
                                                                                                          0x02bd2b41
                                                                                                          0x02bd2b48
                                                                                                          0x02bd2b4c
                                                                                                          0x02bd2b53
                                                                                                          0x02bd2b5a
                                                                                                          0x02bd2b61
                                                                                                          0x02bd2b69
                                                                                                          0x02bd2b6c
                                                                                                          0x02bd2b6f
                                                                                                          0x02bd2b76
                                                                                                          0x02bd2b7d
                                                                                                          0x02bd2b84
                                                                                                          0x02bd2b88
                                                                                                          0x02bd2b8c
                                                                                                          0x02bd2b93
                                                                                                          0x02bd2b9a
                                                                                                          0x02bd2ba1
                                                                                                          0x02bd2ba8
                                                                                                          0x02bd2baf
                                                                                                          0x02bd2bb6
                                                                                                          0x02bd2bb9
                                                                                                          0x02bd2bc0
                                                                                                          0x02bd2bc7
                                                                                                          0x02bd2bef

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Wm
                                                                                                          • API String ID: 0-1953712011
                                                                                                          • Opcode ID: 5f458415f00c48274a736efb525796b6a242fc0a9122d131060991abe7e8c2f8
                                                                                                          • Instruction ID: 5f9a1f1285b7d7f750b7d94acfd5dbe8d6e549907b891550493341aefba3c67d
                                                                                                          • Opcode Fuzzy Hash: 5f458415f00c48274a736efb525796b6a242fc0a9122d131060991abe7e8c2f8
                                                                                                          • Instruction Fuzzy Hash: 5121D271D01319EBDB55DFE4D84A4EEBFB1FB00318F108699D46966250D7B50B88DF80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BB1CA1, Relevance: .1, Instructions: 113COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02BB1CA1(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v520;
				char _v552;
				signed int _v556;
				intOrPtr _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				void* _t99;
				void* _t109;
				void* _t112;
				signed int _t126;
				signed int _t127;
				signed int* _t131;

				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t99);
				_v556 = _v556 & 0x00000000;
				_t131 =  &(( &_v600)[4]);
				_v560 = 0x11afe4;
				_v572 = 0x705fac;
				_v572 = _v572 >> 3;
				_t112 = 0x5dfd87c;
				_v572 = _v572 ^ 0x000e0be5;
				_v600 = 0x66ffbc;
				_v600 = _v600 << 5;
				_v600 = _v600 + 0xffffdeb6;
				_v600 = _v600 >> 3;
				_v600 = _v600 ^ 0x019de099;
				_v564 = 0xb3cc88;
				_v564 = _v564 >> 0xc;
				_v564 = _v564 ^ 0x000695d5;
				_v576 = 0xedaac2;
				_v576 = _v576 | 0x8d88b270;
				_t126 = 0xa;
				_v576 = _v576 / _t126;
				_v576 = _v576 ^ 0x0e34170c;
				_v568 = 0xd34644;
				_v568 = _v568 << 0xd;
				_v568 = _v568 ^ 0x68c9882a;
				_v596 = 0xa76cec;
				_v596 = _v596 + 0xf564;
				_v596 = _v596 | 0x7a23d379;
				_t127 = 0x75;
				_v596 = _v596 / _t127;
				_v596 = _v596 ^ 0x010c78ac;
				_v588 = 0xf6d5ff;
				_v588 = _v588 ^ 0x1e4d5d29;
				_v588 = _v588 | 0xf865f4c1;
				_v588 = _v588 ^ 0xfef0a2a0;
				_v592 = 0xc86264;
				_v592 = _v592 + 0xffff9c97;
				_v592 = _v592 << 0xb;
				_v592 = _v592 + 0x20dd;
				_v592 = _v592 ^ 0x3ff909a0;
				_v584 = 0x196fa2;
				_v584 = _v584 >> 3;
				_v584 = _v584 | 0xe537cc6c;
				_v584 = _v584 ^ 0xe53246df;
				_v580 = 0xb6108b;
				_v580 = _v580 + 0xfdd;
				_v580 = _v580 << 3;
				_v580 = _v580 ^ 0x05ba306f;
				do {
					while(_t112 != 0x5b30f91) {
						if(_t112 == 0x5dfd87c) {
							_t109 = E02BCFE2A(_v600, _v564, _v572,  &_v552);
							_t112 = 0xb74f612;
							continue;
						} else {
							if(_t112 == 0xb74f612) {
								_t109 = E02BB2F80( &_v520, _v576, _v568, _v596);
								_t131 =  &(_t131[3]);
								_t112 = 0x5b30f91;
								continue;
							}
						}
						goto L7;
					}
					E02BC06FE(_v588, _v592, _a8,  &_v520, _v584, _t112,  &_v552, _v580);
					_t131 =  &(_t131[6]);
					_t112 = 0xf20a46f;
					L7:
				} while (_t112 != 0xf20a46f);
				return _t109;
			}























                                                                                                          0x02bb1cab
                                                                                                          0x02bb1cb2
                                                                                                          0x02bb1cb9
                                                                                                          0x02bb1cba
                                                                                                          0x02bb1cbb
                                                                                                          0x02bb1cc0
                                                                                                          0x02bb1cc5
                                                                                                          0x02bb1cc8
                                                                                                          0x02bb1cd2
                                                                                                          0x02bb1cdf
                                                                                                          0x02bb1ce4
                                                                                                          0x02bb1ce6
                                                                                                          0x02bb1cf3
                                                                                                          0x02bb1d00
                                                                                                          0x02bb1d05
                                                                                                          0x02bb1d0d
                                                                                                          0x02bb1d12
                                                                                                          0x02bb1d1a
                                                                                                          0x02bb1d22
                                                                                                          0x02bb1d27
                                                                                                          0x02bb1d2f
                                                                                                          0x02bb1d37
                                                                                                          0x02bb1d45
                                                                                                          0x02bb1d4a
                                                                                                          0x02bb1d50
                                                                                                          0x02bb1d58
                                                                                                          0x02bb1d60
                                                                                                          0x02bb1d65
                                                                                                          0x02bb1d6d
                                                                                                          0x02bb1d75
                                                                                                          0x02bb1d7d
                                                                                                          0x02bb1d89
                                                                                                          0x02bb1d91
                                                                                                          0x02bb1d95
                                                                                                          0x02bb1d9d
                                                                                                          0x02bb1da5
                                                                                                          0x02bb1dad
                                                                                                          0x02bb1db5
                                                                                                          0x02bb1dbd
                                                                                                          0x02bb1dc5
                                                                                                          0x02bb1dcd
                                                                                                          0x02bb1dd2
                                                                                                          0x02bb1dda
                                                                                                          0x02bb1de2
                                                                                                          0x02bb1dea
                                                                                                          0x02bb1def
                                                                                                          0x02bb1df7
                                                                                                          0x02bb1dff
                                                                                                          0x02bb1e07
                                                                                                          0x02bb1e0f
                                                                                                          0x02bb1e14
                                                                                                          0x02bb1e1c
                                                                                                          0x02bb1e1c
                                                                                                          0x02bb1e22
                                                                                                          0x02bb1e55
                                                                                                          0x02bb1e5c
                                                                                                          0x00000000
                                                                                                          0x02bb1e24
                                                                                                          0x02bb1e26
                                                                                                          0x02bb1e38
                                                                                                          0x02bb1e3d
                                                                                                          0x02bb1e40
                                                                                                          0x00000000
                                                                                                          0x02bb1e40
                                                                                                          0x02bb1e26
                                                                                                          0x00000000
                                                                                                          0x02bb1e22
                                                                                                          0x02bb1e82
                                                                                                          0x02bb1e87
                                                                                                          0x02bb1e8a
                                                                                                          0x02bb1e8c
                                                                                                          0x02bb1e8c
                                                                                                          0x02bb1e9a

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 093d82f95d62312768d893bf8c84c3e2e2046d03e20daec24e1e81ca69d6cf6d
                                                                                                          • Instruction ID: defa284303583edd778afb9540922f8cb7561e45bde675bb999b1f43623dc122
                                                                                                          • Opcode Fuzzy Hash: 093d82f95d62312768d893bf8c84c3e2e2046d03e20daec24e1e81ca69d6cf6d
                                                                                                          • Instruction Fuzzy Hash: 0C5140B61093029FC715DF21D88956FBBE1FBD8748F004A6CF19A96220D3B58A09CF86
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BCFF58, Relevance: .1, Instructions: 97COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02BCFF58(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _t121;
				signed int* _t123;
				intOrPtr _t125;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed int _t140;

				_v24 = 0xfb956e;
				_v24 = _v24 ^ 0xccd4b1e5;
				_v24 = _v24 << 2;
				_v24 = _v24 ^ 0x30bd930f;
				_v44 = 0xac147c;
				_t137 = __edx;
				_v44 = _v44 * 0x49;
				_v44 = _v44 ^ 0x31196cd2;
				_v8 = 0x40a8d3;
				_v8 = _v8 | 0x3acc4d3b;
				_v8 = _v8 << 3;
				_v8 = _v8 >> 2;
				_v8 = _v8 ^ 0x3596af33;
				_v40 = 0x7a1af9;
				_v40 = _v40 | 0x9e6699ed;
				_v40 = _v40 ^ 0x9e79921f;
				_v28 = 0x2e80d;
				_v28 = _v28 | 0x96bed856;
				_v28 = _v28 + 0x6398;
				_v28 = _v28 ^ 0x96be47ad;
				_v16 = 0x1a939;
				_v16 = _v16 >> 0xb;
				_v16 = _v16 + 0xffff851f;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 ^ 0x0002802d;
				_v12 = 0x8a82de;
				_v12 = _v12 + 0xffff96d2;
				_v12 = _v12 << 0xd;
				_t138 = 0x7d;
				_v12 = _v12 / _t138;
				_v12 = _v12 ^ 0x00892f26;
				_v48 = 0xf49a5c;
				_v48 = _v48 + 0x7176;
				_v48 = _v48 ^ 0x00fa98c0;
				_v52 = 0x2df28f;
				_t139 = 0x75;
				_v52 = _v52 / _t139;
				_v52 = _v52 ^ 0x0004ae50;
				_v36 = 0xfa4daf;
				_v36 = _v36 << 0xc;
				_t140 = 0x6f;
				_v36 = _v36 * 0x11;
				_v36 = _v36 ^ 0xf2876c8f;
				_v32 = 0x3a5591;
				_v32 = _v32 >> 4;
				_v32 = _v32 >> 0xa;
				_v32 = _v32 ^ 0x00085aff;
				_v20 = 0x5fc7f5;
				_v20 = _v20 / _t140;
				_v20 = _v20 << 0xc;
				_v20 = _v20 >> 9;
				_v20 = _v20 ^ 0x000581a9;
				_push(_v40);
				_push(_v8);
				_push(_v44);
				_t121 = E02BB52B9(E02BCE1F8(_t123, _v24, _v20), _v28, _v16, _v12, _v48);
				_t125 =  *0x2bd620c; // 0x0
				 *((intOrPtr*)(_t125 + 0x14 + _t137 * 4)) = _t121;
				return E02BCFECB(_t120, _v52, _v36, _v32, _v20);
			}






















                                                                                                          0x02bcff5e
                                                                                                          0x02bcff65
                                                                                                          0x02bcff6c
                                                                                                          0x02bcff70
                                                                                                          0x02bcff77
                                                                                                          0x02bcff86
                                                                                                          0x02bcff8a
                                                                                                          0x02bcff8d
                                                                                                          0x02bcff94
                                                                                                          0x02bcff9b
                                                                                                          0x02bcffa2
                                                                                                          0x02bcffa6
                                                                                                          0x02bcffaa
                                                                                                          0x02bcffb1
                                                                                                          0x02bcffb8
                                                                                                          0x02bcffbf
                                                                                                          0x02bcffc6
                                                                                                          0x02bcffcd
                                                                                                          0x02bcffd4
                                                                                                          0x02bcffdb
                                                                                                          0x02bcffe2
                                                                                                          0x02bcffe9
                                                                                                          0x02bcffed
                                                                                                          0x02bcfff4
                                                                                                          0x02bcfff8
                                                                                                          0x02bcffff
                                                                                                          0x02bd0006
                                                                                                          0x02bd000d
                                                                                                          0x02bd0014
                                                                                                          0x02bd0019
                                                                                                          0x02bd001e
                                                                                                          0x02bd0025
                                                                                                          0x02bd002c
                                                                                                          0x02bd0033
                                                                                                          0x02bd003a
                                                                                                          0x02bd0044
                                                                                                          0x02bd0049
                                                                                                          0x02bd004e
                                                                                                          0x02bd0055
                                                                                                          0x02bd005c
                                                                                                          0x02bd0064
                                                                                                          0x02bd0065
                                                                                                          0x02bd0068
                                                                                                          0x02bd006f
                                                                                                          0x02bd0076
                                                                                                          0x02bd007a
                                                                                                          0x02bd007e
                                                                                                          0x02bd0085
                                                                                                          0x02bd0091
                                                                                                          0x02bd0094
                                                                                                          0x02bd0098
                                                                                                          0x02bd009c
                                                                                                          0x02bd00a3
                                                                                                          0x02bd00a6
                                                                                                          0x02bd00a9
                                                                                                          0x02bd00c4
                                                                                                          0x02bd00c9
                                                                                                          0x02bd00d2
                                                                                                          0x02bd00ee

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 47c2ec91dbf10981cedc7afb24d417e2fd9b4cfe16c93b7d374d0477d216cb29
                                                                                                          • Instruction ID: 51d6a64501bcaad2b951fb6253b9d15eb9f57c0b2c7ee2013dc932b8621d236b
                                                                                                          • Opcode Fuzzy Hash: 47c2ec91dbf10981cedc7afb24d417e2fd9b4cfe16c93b7d374d0477d216cb29
                                                                                                          • Instruction Fuzzy Hash: 1241FE71D0122DEBCF09DFA5D94A4EEBFB2FB48314F108199D521B6220D3B90A59DF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC4244, Relevance: .1, Instructions: 91COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02BC4244(void* __ecx, void* __edx, void* __eflags) {
				signed int* _t49;
				signed int _t51;
				unsigned int* _t65;
				signed int _t66;
				signed int _t68;
				signed int _t72;
				unsigned int _t73;
				unsigned int _t74;
				unsigned int* _t77;
				signed int* _t78;
				signed int* _t79;
				unsigned int _t81;
				void* _t87;
				void* _t89;
				void* _t91;
				void* _t93;

				_push( *(_t91 + 0x2c));
				_push( *(_t91 + 0x2c));
				_push( *((intOrPtr*)(_t91 + 0x18)));
				_t49 = E02BCFE29( *((intOrPtr*)(_t91 + 0x18)));
				 *(_t91 + 0x28) = 0x3d5cbc;
				_t5 =  &(_t49[1]); // 0x4
				_t78 = _t5;
				 *(_t91 + 0x28) =  *(_t91 + 0x28) | 0x6bd7da0a;
				 *(_t91 + 0x28) =  *(_t91 + 0x28) ^ 0x6bf86309;
				 *(_t91 + 0x38) = 0xea1d3d;
				 *(_t91 + 0x38) =  *(_t91 + 0x38) | 0x10653bc0;
				 *(_t91 + 0x38) =  *(_t91 + 0x38) ^ 0x4ee4a363;
				 *(_t91 + 0x38) =  *(_t91 + 0x38) | 0xb4800a62;
				 *(_t91 + 0x38) =  *(_t91 + 0x38) ^ 0xfe847125;
				 *(_t91 + 0x24) = 0x45f786;
				 *(_t91 + 0x24) =  *(_t91 + 0x24) | 0x34f761f8;
				 *(_t91 + 0x24) =  *(_t91 + 0x24) ^ 0x34f5c6b3;
				 *(_t91 + 0x20) = 0xc15f52;
				 *(_t91 + 0x20) =  *(_t91 + 0x20) ^ 0x92036f91;
				 *(_t91 + 0x20) =  *(_t91 + 0x20) ^ 0x92c36404;
				_t68 =  *_t49;
				_t79 =  &(_t78[1]);
				_t51 =  *_t78 ^ _t68;
				 *(_t91 + 0x2c) = _t68;
				 *(_t91 + 0x30) = _t51;
				_t31 = _t51 + 1; // 0x1
				_t81 =  !=  ? (_t31 & 0xfffffffc) + 4 : _t31;
				_t65 = E02BBC5D8(_t81);
				_t93 = _t91 + 0x18;
				 *(_t93 + 0x24) = _t65;
				if(_t65 != 0) {
					_t89 = 0;
					_t77 = _t65;
					_t87 =  >  ? 0 :  &(_t79[_t81 >> 2]) - _t79 + 3 >> 2;
					if(_t87 != 0) {
						_t66 =  *(_t93 + 0x1c);
						do {
							_t72 =  *_t79;
							_t79 =  &(_t79[1]);
							_t73 = _t72 ^ _t66;
							 *_t77 = _t73;
							_t77 =  &(_t77[1]);
							_t74 = _t73 >> 0x10;
							 *((char*)(_t77 - 3)) = _t73 >> 8;
							 *(_t77 - 2) = _t74;
							_t89 = _t89 + 1;
							 *((char*)(_t77 - 1)) = _t74 >> 8;
						} while (_t89 < _t87);
						_t65 =  *(_t93 + 0x28);
					}
					 *((char*)(_t65 +  *((intOrPtr*)(_t93 + 0x20)))) = 0;
				}
				return _t65;
			}



















                                                                                                          0x02bc424e
                                                                                                          0x02bc4252
                                                                                                          0x02bc4256
                                                                                                          0x02bc4259
                                                                                                          0x02bc425e
                                                                                                          0x02bc4266
                                                                                                          0x02bc4266
                                                                                                          0x02bc4269
                                                                                                          0x02bc4271
                                                                                                          0x02bc4279
                                                                                                          0x02bc4281
                                                                                                          0x02bc4289
                                                                                                          0x02bc4291
                                                                                                          0x02bc4299
                                                                                                          0x02bc42a1
                                                                                                          0x02bc42a9
                                                                                                          0x02bc42b1
                                                                                                          0x02bc42b9
                                                                                                          0x02bc42c1
                                                                                                          0x02bc42c9
                                                                                                          0x02bc42d1
                                                                                                          0x02bc42d5
                                                                                                          0x02bc42d8
                                                                                                          0x02bc42da
                                                                                                          0x02bc42de
                                                                                                          0x02bc42e2
                                                                                                          0x02bc42f2
                                                                                                          0x02bc430e
                                                                                                          0x02bc4310
                                                                                                          0x02bc4313
                                                                                                          0x02bc4319
                                                                                                          0x02bc4321
                                                                                                          0x02bc4323
                                                                                                          0x02bc4334
                                                                                                          0x02bc4339
                                                                                                          0x02bc433b
                                                                                                          0x02bc433f
                                                                                                          0x02bc433f
                                                                                                          0x02bc4341
                                                                                                          0x02bc4344
                                                                                                          0x02bc4346
                                                                                                          0x02bc434d
                                                                                                          0x02bc4350
                                                                                                          0x02bc4353
                                                                                                          0x02bc4356
                                                                                                          0x02bc435c
                                                                                                          0x02bc435d
                                                                                                          0x02bc4360
                                                                                                          0x02bc4364
                                                                                                          0x02bc4364
                                                                                                          0x02bc436d
                                                                                                          0x02bc436d
                                                                                                          0x02bc4379

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 37e89cb84dd8fa63864b63d4cf921de512c7c968c9f482bdb6f048739d92c7a5
                                                                                                          • Instruction ID: 1efdf78c311627cbdd647c9a8a57f7ad355cb60a18c85d237e99a9972a658fde
                                                                                                          • Opcode Fuzzy Hash: 37e89cb84dd8fa63864b63d4cf921de512c7c968c9f482bdb6f048739d92c7a5
                                                                                                          • Instruction Fuzzy Hash: 02317A726083418FC305CF28948195BFBE0FBC8618F554BADF88AA7221D774DA09CB96
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC3D85, Relevance: .1, Instructions: 86COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 91%
                                                                                                          			E02BC3D85(void* __ecx, signed int* __edx, void* __eflags, signed int* _a4, intOrPtr _a8) {
				signed int _v4;
				signed int _v8;
				unsigned int _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				void* _t46;
				signed int _t49;
				signed int* _t63;
				void* _t69;
				signed int _t72;
				void* _t77;
				unsigned int _t79;
				void* _t81;
				signed int* _t82;
				signed int* _t83;
				void* _t84;

				_t63 = _a4;
				_push(_a8);
				_push(_t63);
				_push(__edx);
				E02BCFE29(_t46);
				_v12 = 0xc30617;
				_t82 =  &(__edx[1]);
				_v12 = _v12 >> 8;
				_v12 = _v12 ^ 0x0000aeb3;
				_v20 = 0xf93b19;
				_v20 = _v20 * 0x55;
				_v20 = _v20 ^ 0x85e9037f;
				_v20 = _v20 + 0xffff2dcc;
				_v20 = _v20 ^ 0xd720e096;
				_v16 = 0x37fa8e;
				_v16 = _v16 ^ 0xc309fd15;
				_v16 = _v16 >> 7;
				_v16 = _v16 ^ 0x018ad68f;
				_v24 = 0x2aa640;
				_v24 = _v24 | 0xaf302e4c;
				_v24 = _v24 << 2;
				_v24 = _v24 | 0xa0025b53;
				_v24 = _v24 ^ 0xbce807cd;
				_t49 =  *__edx;
				_t83 =  &(_t82[1]);
				_t72 =  *_t82 ^ _t49;
				_v8 = _t49;
				_v4 = _t72;
				_t79 =  !=  ? (_t72 & 0xfffffffc) + 4 : _t72;
				_t84 = E02BBC5D8(_t79);
				if(_t84 == 0) {
					L6:
					return _t84;
				}
				_t81 = 0;
				_t77 =  >  ? 0 :  &(_t83[_t79 >> 2]) - _t83 + 3 >> 2;
				if(_t77 == 0) {
					L4:
					if(_t63 != 0) {
						 *_t63 = _v4;
					}
					goto L6;
				}
				_t69 = _t84 - _t83;
				do {
					_t81 = _t81 + 1;
					 *(_t69 + _t83) =  *_t83 ^ _v8;
					_t83 =  &(_t83[1]);
				} while (_t81 < _t77);
				goto L4;
			}




















                                                                                                          0x02bc3d89
                                                                                                          0x02bc3d90
                                                                                                          0x02bc3d94
                                                                                                          0x02bc3d95
                                                                                                          0x02bc3d97
                                                                                                          0x02bc3d9c
                                                                                                          0x02bc3da4
                                                                                                          0x02bc3da7
                                                                                                          0x02bc3dac
                                                                                                          0x02bc3db4
                                                                                                          0x02bc3dc1
                                                                                                          0x02bc3dc5
                                                                                                          0x02bc3dcd
                                                                                                          0x02bc3dd5
                                                                                                          0x02bc3ddd
                                                                                                          0x02bc3de5
                                                                                                          0x02bc3ded
                                                                                                          0x02bc3df2
                                                                                                          0x02bc3dfa
                                                                                                          0x02bc3e02
                                                                                                          0x02bc3e0a
                                                                                                          0x02bc3e0f
                                                                                                          0x02bc3e17
                                                                                                          0x02bc3e1f
                                                                                                          0x02bc3e23
                                                                                                          0x02bc3e26
                                                                                                          0x02bc3e28
                                                                                                          0x02bc3e2e
                                                                                                          0x02bc3e3f
                                                                                                          0x02bc3e5b
                                                                                                          0x02bc3e62
                                                                                                          0x02bc3ea2
                                                                                                          0x02bc3ea9
                                                                                                          0x02bc3ea9
                                                                                                          0x02bc3e6c
                                                                                                          0x02bc3e7a
                                                                                                          0x02bc3e7f
                                                                                                          0x02bc3e96
                                                                                                          0x02bc3e98
                                                                                                          0x02bc3e9e
                                                                                                          0x02bc3e9e
                                                                                                          0x00000000
                                                                                                          0x02bc3e98
                                                                                                          0x02bc3e83
                                                                                                          0x02bc3e85
                                                                                                          0x02bc3e8b
                                                                                                          0x02bc3e8c
                                                                                                          0x02bc3e8f
                                                                                                          0x02bc3e92
                                                                                                          0x00000000

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 69d5b5b74808eb49daa8270ee7dfe51a587ad052fe83dd9d48b36d2eab0a3116
                                                                                                          • Instruction ID: 6a57af3b0bb285a3fd904a167003cb73a887f21028a57919f6791716c9b6632c
                                                                                                          • Opcode Fuzzy Hash: 69d5b5b74808eb49daa8270ee7dfe51a587ad052fe83dd9d48b36d2eab0a3116
                                                                                                          • Instruction Fuzzy Hash: 343189726083018FC318DF29C98545BBBE2FBC871CF548B6DE489A3214DB74DA058B56
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBF0E9, Relevance: .1, Instructions: 70COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 85%
                                                                                                          			E02BBF0E9(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t69;
				signed int _t83;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				signed int _t87;

				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02BCFE29(_t69);
				_v8 = 0x819b57;
				_v8 = _v8 >> 0x10;
				_t83 = 0x17;
				_v8 = _v8 / _t83;
				_v8 = _v8 >> 0xf;
				_v8 = _v8 ^ 0x00008000;
				_v24 = 0x7d8883;
				_v24 = _v24 >> 0xd;
				_v24 = _v24 + 0xffff5cfc;
				_v24 = _v24 ^ 0xfff105d0;
				_v16 = 0x4e701e;
				_v16 = _v16 ^ 0xb2bd4297;
				_t84 = 0x5b;
				_v16 = _v16 / _t84;
				_t85 = 0x7f;
				_v16 = _v16 / _t85;
				_v16 = _v16 ^ 0x000cfa43;
				_v12 = 0xc80371;
				_t86 = 0x37;
				_v12 = _v12 / _t86;
				_v12 = _v12 >> 1;
				_t87 = 0x79;
				_v12 = _v12 / _t87;
				_v12 = _v12 ^ 0x0004b486;
				_v20 = 0xa43314;
				_v20 = _v20 << 3;
				_v20 = _v20 + 0xa205;
				_v20 = _v20 ^ 0x052abea0;
				return E02BBF8A9(_v24, _v16, __edx, _v12, _v8, _v20);
			}














                                                                                                          0x02bbf0f0
                                                                                                          0x02bbf0f5
                                                                                                          0x02bbf0f8
                                                                                                          0x02bbf0f9
                                                                                                          0x02bbf0fa
                                                                                                          0x02bbf0ff
                                                                                                          0x02bbf108
                                                                                                          0x02bbf111
                                                                                                          0x02bbf116
                                                                                                          0x02bbf11b
                                                                                                          0x02bbf11f
                                                                                                          0x02bbf126
                                                                                                          0x02bbf12d
                                                                                                          0x02bbf131
                                                                                                          0x02bbf138
                                                                                                          0x02bbf13f
                                                                                                          0x02bbf146
                                                                                                          0x02bbf150
                                                                                                          0x02bbf155
                                                                                                          0x02bbf15d
                                                                                                          0x02bbf162
                                                                                                          0x02bbf167
                                                                                                          0x02bbf16e
                                                                                                          0x02bbf178
                                                                                                          0x02bbf17d
                                                                                                          0x02bbf182
                                                                                                          0x02bbf188
                                                                                                          0x02bbf18b
                                                                                                          0x02bbf18e
                                                                                                          0x02bbf195
                                                                                                          0x02bbf19c
                                                                                                          0x02bbf1a0
                                                                                                          0x02bbf1a7
                                                                                                          0x02bbf1ca

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f7bc40e7220c11a054e5cb1e3d04733d7eea9a3290a44af2851a921ba079d4ed
                                                                                                          • Instruction ID: 55a117e8aaa42d965e3f8030b6df9b2aaea8c83077da300b9006e9ab88a5dd00
                                                                                                          • Opcode Fuzzy Hash: f7bc40e7220c11a054e5cb1e3d04733d7eea9a3290a44af2851a921ba079d4ed
                                                                                                          • Instruction Fuzzy Hash: DA211776E00209EBDF08CFE5C9099EEBBB2EB54314F20C09AE5146B290D7B55B54DF80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC567B, Relevance: .1, Instructions: 70COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02BC567B(void* __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t66;
				void* _t70;
				signed int _t71;
				signed int _t72;
				intOrPtr* _t81;
				intOrPtr* _t82;
				void* _t83;

				_v16 = 0x3cd044;
				_v16 = _v16 + 0x8a1e;
				_t70 = __edx;
				_t71 = 0x23;
				_v16 = _v16 / _t71;
				_v16 = _v16 ^ 0x000ceb59;
				_v20 = 0x98fec3;
				_v20 = _v20 + 0x117b;
				_v20 = _v20 ^ 0x00928bce;
				_v12 = 0xc66557;
				_v12 = _v12 | 0xbd5cb058;
				_t72 = 0x6a;
				_v12 = _v12 / _t72;
				_v12 = _v12 * 0x5e;
				_v12 = _v12 ^ 0xa86b283b;
				_v8 = 0xf205aa;
				_v8 = _v8 ^ 0x840ccd49;
				_v8 = _v8 + 0x2990;
				_v8 = _v8 >> 0xc;
				_v8 = _v8 ^ 0x0003f43b;
				_v28 = 0xeebda;
				_v28 = _v28 + 0xdccc;
				_v28 = _v28 ^ 0x00000347;
				_v24 = 0xa36d5e;
				_v24 = _v24 | 0xd0b00948;
				_v24 = _v24 ^ 0xd0bd6ebb;
				_t81 =  *((intOrPtr*)(E02BBF7F7() + 0xc)) + 0xc;
				_t82 =  *_t81;
				while(_t82 != _t81) {
					_t66 = E02BBEFE1(_v8, _v28, _v24,  *((intOrPtr*)(_t82 + 0x30)));
					_t83 = _t83 + 0xc;
					if((_t66 ^ 0x2d567c83) == _t70) {
						return  *((intOrPtr*)(_t82 + 0x18));
					}
					_t82 =  *_t82;
				}
				return 0;
			}
















                                                                                                          0x02bc5681
                                                                                                          0x02bc5688
                                                                                                          0x02bc5695
                                                                                                          0x02bc569b
                                                                                                          0x02bc56a0
                                                                                                          0x02bc56a5
                                                                                                          0x02bc56ac
                                                                                                          0x02bc56b3
                                                                                                          0x02bc56ba
                                                                                                          0x02bc56c1
                                                                                                          0x02bc56c8
                                                                                                          0x02bc56d2
                                                                                                          0x02bc56d5
                                                                                                          0x02bc56dc
                                                                                                          0x02bc56df
                                                                                                          0x02bc56e6
                                                                                                          0x02bc56ed
                                                                                                          0x02bc56f4
                                                                                                          0x02bc56fb
                                                                                                          0x02bc56ff
                                                                                                          0x02bc5706
                                                                                                          0x02bc570d
                                                                                                          0x02bc5714
                                                                                                          0x02bc571b
                                                                                                          0x02bc5722
                                                                                                          0x02bc5729
                                                                                                          0x02bc573e
                                                                                                          0x02bc5741
                                                                                                          0x02bc5767
                                                                                                          0x02bc5754
                                                                                                          0x02bc575e
                                                                                                          0x02bc5763
                                                                                                          0x00000000
                                                                                                          0x02bc5774
                                                                                                          0x02bc5765
                                                                                                          0x02bc5765
                                                                                                          0x00000000

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f55cd74c2952393ab5aca3dee7201afe3819bdbfddab02328eb5f9b09f94cb42
                                                                                                          • Instruction ID: 5b1b0e7e661c567e7e7edffd17e26f888c3cd67e2fe24896e1983fcc58bda46c
                                                                                                          • Opcode Fuzzy Hash: f55cd74c2952393ab5aca3dee7201afe3819bdbfddab02328eb5f9b09f94cb42
                                                                                                          • Instruction Fuzzy Hash: 0F312772E00209EBDB68DFA5C98A8AEFBB1FB40314F2480ADD515B7210D7B46B558F80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BC0EBC, Relevance: .1, Instructions: 58COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 58%
                                                                                                          			E02BC0EBC(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a28, intOrPtr _a32) {
				unsigned int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				void* _t44;
				intOrPtr* _t51;

				E02BCFE29(_t44);
				_v20 = 0x5f9276;
				_v20 = _v20 >> 6;
				_v20 = _v20 >> 0xa;
				_v20 = _v20 ^ 0x0000ae6f;
				_v16 = 0x7df0fb;
				_v16 = _v16 >> 0xb;
				_v16 = _v16 ^ 0x9952d77b;
				_v16 = _v16 ^ 0x9951c792;
				_v12 = 0xf93209;
				_v12 = _v12 | 0xf37a8f1a;
				_v12 = _v12 + 0xffff09ac;
				_v12 = _v12 + 0xa761;
				_v12 = _v12 ^ 0xf3f42664;
				_v8 = 0x4c6886;
				_v8 = _v8 ^ 0x2aaf40fd;
				_v8 = _v8 * 0x7c;
				_v8 = _v8 >> 5;
				_v8 = _v8 ^ 0x0632021c;
				_t51 = E02BBEB52(__ecx, __ecx, 0xc0c22a7, 0x4d, 0xa2289af1);
				return  *_t51(0, 0, _a32, _a28, 0, 0, __ecx, 0, _a4, 0, _a12, _a16, 0, 0, _a28, _a32);
			}









                                                                                                          0x02bc0ed9
                                                                                                          0x02bc0ede
                                                                                                          0x02bc0ee8
                                                                                                          0x02bc0eec
                                                                                                          0x02bc0ef0
                                                                                                          0x02bc0ef7
                                                                                                          0x02bc0efe
                                                                                                          0x02bc0f02
                                                                                                          0x02bc0f09
                                                                                                          0x02bc0f10
                                                                                                          0x02bc0f17
                                                                                                          0x02bc0f1e
                                                                                                          0x02bc0f25
                                                                                                          0x02bc0f2c
                                                                                                          0x02bc0f33
                                                                                                          0x02bc0f3a
                                                                                                          0x02bc0f52
                                                                                                          0x02bc0f55
                                                                                                          0x02bc0f59
                                                                                                          0x02bc0f6d
                                                                                                          0x02bc0f85

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 28b9a31d6d310fd66289eca8aff00d608e2121ecbf4137da26fc55f628ae5085
                                                                                                          • Instruction ID: 1341d00f4b3d39145e67bc6e97a2ed9ec9f9f01d6b23bce02508c1ae6991efb2
                                                                                                          • Opcode Fuzzy Hash: 28b9a31d6d310fd66289eca8aff00d608e2121ecbf4137da26fc55f628ae5085
                                                                                                          • Instruction Fuzzy Hash: 51210071801219FBCF19DFA1CD498DEBFB4FF08354F108688A558A2220D3758A14DF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBEF0C, Relevance: .1, Instructions: 56COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02BBEF0C(void* __ecx, signed int __edx, void* __eflags) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _t57;
				signed int _t67;

				_v28 = 4;
				_v24 = 0xd6e1b5;
				_v24 = _v24 | 0x5e4e7cd1;
				_v24 = _v24 >> 0x10;
				_v24 = _v24 ^ 0x20005ede;
				_v12 = 0x35fbf9;
				_v12 = _v12 << 2;
				_v12 = _v12 + 0xffffd421;
				_v12 = _v12 >> 5;
				_v12 = _v12 ^ 0x000779ff;
				_v8 = 0xb66603;
				_v8 = _v8 | 0x4ba1ba6b;
				_v8 = _v8 ^ 0x6df4d1b9;
				_v8 = _v8 ^ 0x1286fe83;
				_v8 = _v8 ^ 0x34cd5dfe;
				_v20 = 0x1bb0b6;
				_v20 = _v20 | 0x21937f20;
				_v20 = _v20 << 4;
				_v20 = _v20 ^ 0x19bd1c5b;
				_v16 = 0xd95204;
				_v16 = _v16 ^ 0x6876e9a1;
				_t67 = 0x62;
				_v16 = _v16 / _t67;
				_v16 = _v16 ^ 0x01180520;
				_t57 = E02BC60B8(_v12, _v24 | __edx, _v8,  &_v28,  &_v32, __ecx, __ecx, _v20, _v16);
				asm("sbb eax, eax");
				return  ~_t57 & _v32;
			}












                                                                                                          0x02bbef12
                                                                                                          0x02bbef19
                                                                                                          0x02bbef20
                                                                                                          0x02bbef27
                                                                                                          0x02bbef2b
                                                                                                          0x02bbef32
                                                                                                          0x02bbef39
                                                                                                          0x02bbef3d
                                                                                                          0x02bbef44
                                                                                                          0x02bbef48
                                                                                                          0x02bbef4f
                                                                                                          0x02bbef56
                                                                                                          0x02bbef5d
                                                                                                          0x02bbef64
                                                                                                          0x02bbef6b
                                                                                                          0x02bbef72
                                                                                                          0x02bbef79
                                                                                                          0x02bbef80
                                                                                                          0x02bbef84
                                                                                                          0x02bbef8d
                                                                                                          0x02bbef96
                                                                                                          0x02bbefa4
                                                                                                          0x02bbefa7
                                                                                                          0x02bbefad
                                                                                                          0x02bbefcc
                                                                                                          0x02bbefd6
                                                                                                          0x02bbefe0

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0453756cfbe0a422653622112b7418f35eca55d4e05d609691c55542fdca0349
                                                                                                          • Instruction ID: c90e6f392064b4776f9a5bd61e1a647f06690aaf7c721edb74d563a0f0d46561
                                                                                                          • Opcode Fuzzy Hash: 0453756cfbe0a422653622112b7418f35eca55d4e05d609691c55542fdca0349
                                                                                                          • Instruction Fuzzy Hash: 7021E572C0120DABDB09DFE5CA4A5EFFBB5EB44204F608199D512B6110D3B54B059FA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBC5D8, Relevance: .1, Instructions: 53COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02BBC5D8(intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _t69;
				signed int _t70;

				_v32 = _v32 & 0x00000000;
				_v36 = 0xa0afa0;
				_v28 = 0x9adc8d;
				_v28 = _v28 ^ 0x90925320;
				_v28 = _v28 ^ 0x90088fa5;
				_v24 = 0x1cb3a6;
				_v24 = _v24 << 0x10;
				_v24 = _v24 ^ 0xb3a3d0bd;
				_v8 = 0xc8bfd2;
				_v8 = _v8 >> 6;
				_v8 = _v8 + 0x77b2;
				_t69 = 0x16;
				_v8 = _v8 / _t69;
				_v8 = _v8 ^ 0x0000123c;
				_v20 = 0x3ff815;
				_v20 = _v20 | 0x9e661a12;
				_v20 = _v20 + 0x3006;
				_v20 = _v20 ^ 0x9e825c55;
				_v12 = 0xda9b76;
				_t70 = 0x6b;
				_v12 = _v12 / _t70;
				_v12 = _v12 | 0xed94e7c2;
				_v12 = _v12 + 0xffffd684;
				_v12 = _v12 ^ 0xed94606e;
				_v16 = 0x191c50;
				_v16 = _v16 >> 0xa;
				_v16 = _v16 >> 7;
				_v16 = _v16 ^ 0x00013f6e;
				return E02BC648A(_a4, _v20, _v12, _v16, E02BD28EB(), _v28);
			}













                                                                                                          0x02bbc5de
                                                                                                          0x02bbc5e4
                                                                                                          0x02bbc5eb
                                                                                                          0x02bbc5f2
                                                                                                          0x02bbc5f9
                                                                                                          0x02bbc600
                                                                                                          0x02bbc607
                                                                                                          0x02bbc60b
                                                                                                          0x02bbc612
                                                                                                          0x02bbc619
                                                                                                          0x02bbc61d
                                                                                                          0x02bbc629
                                                                                                          0x02bbc62e
                                                                                                          0x02bbc633
                                                                                                          0x02bbc63a
                                                                                                          0x02bbc641
                                                                                                          0x02bbc648
                                                                                                          0x02bbc64f
                                                                                                          0x02bbc656
                                                                                                          0x02bbc660
                                                                                                          0x02bbc663
                                                                                                          0x02bbc666
                                                                                                          0x02bbc66d
                                                                                                          0x02bbc674
                                                                                                          0x02bbc67b
                                                                                                          0x02bbc682
                                                                                                          0x02bbc686
                                                                                                          0x02bbc68a
                                                                                                          0x02bbc6b7

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dff3ba8f753cea4a216cf5286b6b65d773786d22712bd0b12a3c0018268a50f8
                                                                                                          • Instruction ID: 401ce6f53f6736166c6080803898ae2392e3d7d6eb5fbdda6943c1eb29d2cfa6
                                                                                                          • Opcode Fuzzy Hash: dff3ba8f753cea4a216cf5286b6b65d773786d22712bd0b12a3c0018268a50f8
                                                                                                          • Instruction Fuzzy Hash: B421FDB5D0020DEBDB08DFE1C98A4EEBBB2BB54718F208088D525B6264D7B94B54CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02BBF7F7, Relevance: .0, Instructions: 2COMMON
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02BBF7F7() {

				return  *[fs:0x30];
			}



                                                                                                          0x02bbf7fd

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.706047183.0000000002BB1000.00000020.00000001.sdmp, Offset: 02BB0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.706036516.0000000002BB0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.706086904.0000000002BD6000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2bb0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                          • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                          • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                          • Instruction Fuzzy Hash:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Analysis Process: regsvr32.exe PID: 6856 Parent PID: 6800 regsvr32.exeCOMMON

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:5.1%
                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                          Signature Coverage:6.9%
                                                                                                          Total number of Nodes:450
                                                                                                          Total number of Limit Nodes:17

                                                                                                          Graph

                                                                                                          execution_graph 21114 100036a0 21117 1002e654 21114->21117 21118 1002e707 21117->21118 21128 1002e666 21117->21128 21142 1003654f 6 API calls __decode_pointer 21118->21142 21120 1002e70d 21143 10030d24 66 API calls __getptd_noexit 21120->21143 21125 1002e6c3 RtlAllocateHeap 21125->21128 21126 1002e677 21126->21128 21135 10036507 66 API calls 2 library calls 21126->21135 21136 1003635c 66 API calls 7 library calls 21126->21136 21137 100306e0 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 21126->21137 21128->21125 21128->21126 21129 1002e6f3 21128->21129 21132 1002e6f8 21128->21132 21134 100036c0 21128->21134 21138 1002e605 66 API calls 4 library calls 21128->21138 21139 1003654f 6 API calls __decode_pointer 21128->21139 21140 10030d24 66 API calls __getptd_noexit 21129->21140 21141 10030d24 66 API calls __getptd_noexit 21132->21141 21135->21126 21136->21126 21138->21128 21139->21128 21140->21132 21141->21134 21142->21120 21143->21134 21144 10003440 21145 1000344f 21144->21145 21147 10003454 21144->21147 21150 100033f0 66 API calls _malloc 21145->21150 21148 1002e654 _malloc 66 API calls 21147->21148 21149 10003464 21147->21149 21148->21149 21150->21147 21151 10003160 21154 10002d40 21151->21154 21189 100024a0 21154->21189 21157 10002d83 SetLastError 21180 10002d69 21157->21180 21158 10002d95 21159 100024a0 SetLastError 21158->21159 21160 10002dae 21159->21160 21161 10002dd0 SetLastError 21160->21161 21162 10002de2 21160->21162 21160->21180 21161->21180 21163 10002df1 SetLastError 21162->21163 21164 10002e03 21162->21164 21163->21180 21165 10002e0e SetLastError 21164->21165 21167 10002e20 GetNativeSystemInfo 21164->21167 21165->21180 21168 10002ed4 SetLastError 21167->21168 21169 10002ee6 VirtualAlloc 21167->21169 21168->21180 21170 10002f32 GetProcessHeap HeapAlloc 21169->21170 21171 10002f07 VirtualAlloc 21169->21171 21173 10002f6c 21170->21173 21174 10002f4c VirtualFree SetLastError 21170->21174 21171->21170 21172 10002f23 SetLastError 21171->21172 21172->21180 21175 100024a0 SetLastError 21173->21175 21174->21180 21176 10002fce 21175->21176 21177 10002fdc VirtualAlloc 21176->21177 21187 10002fd2 21176->21187 21178 1000300b 21177->21178 21192 100024d0 21178->21192 21182 1000303f 21182->21187 21202 10002ab0 21182->21202 21186 100030a8 21186->21187 21188 1000310f SetLastError 21186->21188 21187->21180 21221 10003310 VirtualFree VirtualFree GetProcessHeap HeapFree 21187->21221 21188->21187 21190 100024bb 21189->21190 21191 100024af SetLastError 21189->21191 21190->21157 21190->21158 21190->21180 21191->21190 21193 10002500 21192->21193 21194 10002593 21193->21194 21195 1000253c VirtualAlloc 21193->21195 21201 100025b0 21193->21201 21196 100024a0 SetLastError 21194->21196 21197 10002560 21195->21197 21200 10002567 21195->21200 21198 100025ac 21196->21198 21197->21201 21199 100025b4 VirtualAlloc 21198->21199 21198->21201 21199->21201 21200->21193 21201->21182 21203 10002ae9 IsBadReadPtr 21202->21203 21212 10002adf 21202->21212 21205 10002b13 21203->21205 21203->21212 21206 10002b45 SetLastError 21205->21206 21207 10002b59 21205->21207 21205->21212 21206->21212 21222 100023c0 VirtualQuery VirtualFree VirtualAlloc 21207->21222 21209 10002b73 21210 10002b7f SetLastError 21209->21210 21213 10002ba9 21209->21213 21210->21212 21212->21187 21215 100027c0 21212->21215 21213->21212 21214 10002cb9 SetLastError 21213->21214 21214->21212 21216 10002808 21215->21216 21217 10002911 21216->21217 21219 100028ed 21216->21219 21223 10002690 21216->21223 21218 10002690 2 API calls 21217->21218 21218->21219 21219->21186 21221->21180 21222->21209 21224 100026ac 21223->21224 21225 100026a2 21223->21225 21227 10002714 VirtualProtect 21224->21227 21228 100026ba 21224->21228 21225->21216 21227->21225 21228->21225 21229 100026f2 VirtualFree 21228->21229 21229->21225 21230 10024d50 21235 1002b0bb 21230->21235 21232 10024d82 21233 10024d5f 21233->21232 21246 1002acfb 21233->21246 21238 1002b0c7 __EH_prolog3 21235->21238 21237 1002b115 21273 1002ac8f EnterCriticalSection 21237->21273 21238->21237 21254 1002aec4 TlsAlloc 21238->21254 21258 1002adac EnterCriticalSection 21238->21258 21280 10023b5b 77 API calls 3 library calls 21238->21280 21243 1002b13b std::runtime_error::runtime_error 21243->21233 21244 1002b128 21281 1002af6b 87 API calls 4 library calls 21244->21281 21247 1002ad07 __EH_prolog3_catch 21246->21247 21248 1002ad30 std::runtime_error::runtime_error 21247->21248 21289 1002a6ab 21247->21289 21248->21233 21250 1002ad16 21251 1002ad23 21250->21251 21299 10024d0b 21250->21299 21302 1002a71d 78 API calls ~_Task_impl 21251->21302 21255 1002aef0 21254->21255 21256 1002aef5 InitializeCriticalSection 21254->21256 21282 10023b23 77 API calls 3 library calls 21255->21282 21256->21238 21263 1002adcf 21258->21263 21259 1002ae8e _memset 21260 1002aea5 LeaveCriticalSection 21259->21260 21260->21238 21261 1002ae08 21283 10023778 21261->21283 21262 1002ae1d GlobalHandle GlobalUnlock 21265 10023778 ctype 79 API calls 21262->21265 21263->21259 21263->21261 21263->21262 21267 1002ae3b GlobalReAlloc 21265->21267 21268 1002ae47 21267->21268 21269 1002ae6e GlobalLock 21268->21269 21270 1002ae52 GlobalHandle GlobalLock 21268->21270 21271 1002ae60 LeaveCriticalSection 21268->21271 21269->21259 21270->21271 21287 10023b23 77 API calls 3 library calls 21271->21287 21274 1002acd1 LeaveCriticalSection 21273->21274 21275 1002acaa 21273->21275 21276 1002acda 21274->21276 21275->21274 21277 1002acaf TlsGetValue 21275->21277 21276->21243 21276->21244 21277->21274 21278 1002acbb 21277->21278 21278->21274 21279 1002acc0 LeaveCriticalSection 21278->21279 21279->21276 21280->21238 21281->21243 21282->21256 21284 1002378d ctype 21283->21284 21285 1002379a GlobalAlloc 21284->21285 21288 10001650 79 API calls ctype 21284->21288 21285->21268 21287->21269 21288->21285 21290 1002a6c0 21289->21290 21291 1002a6bb 21289->21291 21293 1002a6ce 21290->21293 21304 1002a687 InitializeCriticalSection 21290->21304 21303 10023b5b 77 API calls 3 library calls 21291->21303 21295 1002a6e0 EnterCriticalSection 21293->21295 21296 1002a70a EnterCriticalSection 21293->21296 21297 1002a6ff LeaveCriticalSection 21295->21297 21298 1002a6ec InitializeCriticalSection 21295->21298 21296->21250 21297->21296 21298->21297 21305 10024bd0 21299->21305 21301 10024d17 21301->21251 21302->21248 21303->21290 21304->21293 21306 10024bdc __EH_prolog3_catch 21305->21306 21325 1001e8f0 21306->21325 21312 10024c76 21334 1002ac5c 78 API calls ctype 21312->21334 21314 10024c85 21315 10024c97 21314->21315 21335 100248e2 116 API calls 2 library calls 21314->21335 21336 1002ac5c 78 API calls ctype 21315->21336 21318 10024caa 21319 10024cbc 21318->21319 21337 10024b06 116 API calls 2 library calls 21318->21337 21338 1002ac5c 78 API calls ctype 21319->21338 21322 10024cd0 21324 10024ce2 std::runtime_error::runtime_error 21322->21324 21339 10024b89 116 API calls 2 library calls 21322->21339 21324->21301 21326 1001e8fe 21325->21326 21327 1001e921 21326->21327 21340 10001650 79 API calls ctype 21326->21340 21329 1001ed40 21327->21329 21330 1001ed82 21329->21330 21331 1001ed76 21329->21331 21333 10020421 66 API calls _malloc 21330->21333 21341 1001f370 21331->21341 21333->21312 21334->21314 21335->21315 21336->21318 21337->21319 21338->21322 21339->21324 21340->21326 21342 1001f38f 21341->21342 21343 1001f3ab 21342->21343 21346 1001f3b9 21342->21346 21348 1001fb60 21343->21348 21345 1001f3b7 21345->21330 21346->21345 21356 1001fc30 79 API calls 21346->21356 21349 1001fb8e 21348->21349 21357 100236ce 21349->21357 21352 1001fbb1 21362 1002e804 67 API calls 3 library calls 21352->21362 21354 1001fbeb 21354->21345 21356->21345 21358 100236e2 21357->21358 21359 1001fba3 21357->21359 21360 1002e654 _malloc 66 API calls 21358->21360 21359->21352 21361 1001fb50 79 API calls ctype 21359->21361 21360->21359 21361->21352 21362->21354 21363 1002eaac 21364 1002eab7 21363->21364 21365 1002eabc 21363->21365 21381 1003732f GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 21364->21381 21369 1002e9b6 21365->21369 21368 1002eaca 21372 1002e9c2 __locking 21369->21372 21370 1002ea0f 21379 1002ea5f __locking 21370->21379 21429 10008080 21370->21429 21372->21370 21372->21379 21382 1002e881 21372->21382 21379->21368 21381->21365 21383 1002e890 21382->21383 21384 1002e90c 21382->21384 21434 10035645 HeapCreate 21383->21434 21386 1002e943 21384->21386 21388 1002e912 21384->21388 21387 1002e948 21386->21387 21389 1002e9a1 21386->21389 21553 1003459f 8 API calls __decode_pointer 21387->21553 21392 1002e92d 21388->21392 21397 1002e89b 21388->21397 21549 10030912 66 API calls _doexit 21388->21549 21389->21397 21584 100348b9 78 API calls 2 library calls 21389->21584 21392->21397 21550 10036caa 67 API calls __setlocale_get_all 21392->21550 21394 1002e94d 21554 100351f3 21394->21554 21397->21370 21399 1002e8a7 __RTC_Initialize 21402 1002e8ab 21399->21402 21406 1002e8b7 GetCommandLineA 21399->21406 21546 10035675 VirtualFree HeapFree HeapFree HeapDestroy 21402->21546 21403 1002e937 21551 100345d3 69 API calls 2 library calls 21403->21551 21470 1003702b 21406->21470 21408 1002e93c 21552 10035675 VirtualFree HeapFree HeapFree HeapDestroy 21408->21552 21414 1002e8d1 21418 1002e8d5 21414->21418 21512 10036f70 21414->21512 21415 1002e995 21571 1002e577 21415->21571 21416 1002e97e 21570 10034610 66 API calls 5 library calls 21416->21570 21547 100345d3 69 API calls 2 library calls 21418->21547 21422 1002e985 GetCurrentThreadId 21422->21397 21424 1002e8f5 21424->21397 21548 10036caa 67 API calls __setlocale_get_all 21424->21548 21698 1001ffa0 21429->21698 21435 1002e896 21434->21435 21435->21397 21436 10034927 GetModuleHandleW 21435->21436 21437 10034942 21436->21437 21438 1003493b 21436->21438 21439 10034aaa 21437->21439 21440 1003494c GetProcAddress GetProcAddress GetProcAddress GetProcAddress 21437->21440 21585 1003065c Sleep GetModuleHandleW 21438->21585 21599 100345d3 69 API calls 2 library calls 21439->21599 21442 10034995 TlsAlloc 21440->21442 21446 10034aaf 21442->21446 21447 100349e3 TlsSetValue 21442->21447 21444 10034941 21444->21437 21446->21399 21447->21446 21448 100349f4 21447->21448 21586 10030921 6 API calls 3 library calls 21448->21586 21450 100349f9 21587 100344a9 TlsGetValue 21450->21587 21453 100344a9 __encode_pointer 6 API calls 21454 10034a14 21453->21454 21455 100344a9 __encode_pointer 6 API calls 21454->21455 21456 10034a24 21455->21456 21457 100344a9 __encode_pointer 6 API calls 21456->21457 21458 10034a34 21457->21458 21597 100356e9 InitializeCriticalSectionAndSpinCount __mtinitlocknum 21458->21597 21460 10034a41 21460->21439 21461 10034524 __decode_pointer 6 API calls 21460->21461 21462 10034a55 21461->21462 21462->21439 21463 100351f3 __calloc_crt 66 API calls 21462->21463 21464 10034a6e 21463->21464 21464->21439 21465 10034524 __decode_pointer 6 API calls 21464->21465 21466 10034a88 21465->21466 21466->21439 21467 10034a8f 21466->21467 21598 10034610 66 API calls 5 library calls 21467->21598 21469 10034a97 GetCurrentThreadId 21469->21446 21471 10037049 GetEnvironmentStringsW 21470->21471 21475 10037068 21470->21475 21472 10037051 21471->21472 21473 1003705d GetLastError 21471->21473 21477 10037093 WideCharToMultiByte 21472->21477 21478 10037084 GetEnvironmentStringsW 21472->21478 21473->21475 21474 10037101 21476 1003710a GetEnvironmentStrings 21474->21476 21479 1002e8c7 21474->21479 21475->21472 21475->21474 21476->21479 21480 1003711a 21476->21480 21483 100370c7 21477->21483 21484 100370f6 FreeEnvironmentStringsW 21477->21484 21478->21477 21478->21479 21497 10036a56 21479->21497 21602 100351ae 66 API calls _malloc 21480->21602 21601 100351ae 66 API calls _malloc 21483->21601 21484->21479 21487 10037134 21490 10037147 21487->21490 21491 1003713b FreeEnvironmentStringsA 21487->21491 21488 100370cd 21488->21484 21489 100370d5 WideCharToMultiByte 21488->21489 21492 100370e7 21489->21492 21496 100370ef 21489->21496 21603 1002db20 __VEC_memcpy 21490->21603 21491->21479 21494 1002e577 __setlocale_get_all 66 API calls 21492->21494 21494->21496 21495 10037151 FreeEnvironmentStringsA 21495->21479 21496->21484 21604 10030e38 21497->21604 21499 10036a62 GetStartupInfoA 21500 100351f3 __calloc_crt 66 API calls 21499->21500 21507 10036a83 21500->21507 21501 10036ca1 __locking 21501->21414 21502 10036c1e GetStdHandle 21506 10036be8 21502->21506 21503 10036c83 SetHandleCount 21503->21501 21504 100351f3 __calloc_crt 66 API calls 21504->21507 21505 10036c30 GetFileType 21505->21506 21506->21501 21506->21502 21506->21503 21506->21505 21606 100386ab InitializeCriticalSectionAndSpinCount __locking 21506->21606 21507->21501 21507->21504 21507->21506 21510 10036b6b 21507->21510 21509 10036b94 GetFileType 21509->21510 21510->21501 21510->21506 21510->21509 21605 100386ab InitializeCriticalSectionAndSpinCount __locking 21510->21605 21513 10036f85 21512->21513 21514 10036f8a GetModuleFileNameA 21512->21514 21613 100334dc 110 API calls __setmbcp 21513->21613 21516 10036fb1 21514->21516 21607 10036dd6 21516->21607 21519 1002e8e1 21519->21424 21525 10036cf8 21519->21525 21520 10036fed 21614 100351ae 66 API calls _malloc 21520->21614 21522 10036ff3 21522->21519 21523 10036dd6 _parse_cmdline 76 API calls 21522->21523 21524 1003700d 21523->21524 21524->21519 21526 10036d01 21525->21526 21527 10036d06 _strlen 21525->21527 21616 100334dc 110 API calls __setmbcp 21526->21616 21529 1002e8ea 21527->21529 21530 100351f3 __calloc_crt 66 API calls 21527->21530 21529->21424 21540 1003074b 21529->21540 21534 10036d3b _strlen 21530->21534 21531 10036d99 21532 1002e577 __setlocale_get_all 66 API calls 21531->21532 21532->21529 21533 100351f3 __calloc_crt 66 API calls 21533->21534 21534->21529 21534->21531 21534->21533 21535 10036dbf 21534->21535 21538 10036d80 21534->21538 21617 1003096f 66 API calls __fptostr 21534->21617 21536 1002e577 __setlocale_get_all 66 API calls 21535->21536 21536->21529 21538->21534 21618 10032cb9 10 API calls 3 library calls 21538->21618 21541 10030759 __IsNonwritableInCurrentImage 21540->21541 21619 1003817c 21541->21619 21543 10030777 __initterm_e 21545 10030796 __IsNonwritableInCurrentImage __initterm 21543->21545 21623 1002e391 21543->21623 21545->21424 21546->21397 21547->21402 21548->21418 21549->21392 21550->21403 21551->21408 21552->21397 21553->21394 21556 100351fc 21554->21556 21557 1002e959 21556->21557 21558 1003521a Sleep 21556->21558 21676 1003b872 21556->21676 21557->21397 21560 10034524 TlsGetValue 21557->21560 21559 1003522f 21558->21559 21559->21556 21559->21557 21561 1003455d GetModuleHandleW 21560->21561 21562 1003453c 21560->21562 21563 10034578 GetProcAddress 21561->21563 21564 1003456d 21561->21564 21562->21561 21565 10034546 TlsGetValue 21562->21565 21567 1002e977 21563->21567 21694 1003065c Sleep GetModuleHandleW 21564->21694 21569 10034551 21565->21569 21567->21415 21567->21416 21568 10034573 21568->21563 21568->21567 21569->21561 21569->21567 21570->21422 21572 1002e583 __locking 21571->21572 21573 1002e5c2 21572->21573 21574 1002e5fc __locking __dosmaperr 21572->21574 21576 10035865 __lock 64 API calls 21572->21576 21573->21574 21575 1002e5d7 RtlFreeHeap 21573->21575 21574->21397 21575->21574 21577 1002e5e9 21575->21577 21580 1002e59a ___sbh_find_block 21576->21580 21697 10030d24 66 API calls __getptd_noexit 21577->21697 21579 1002e5ee GetLastError 21579->21574 21581 1002e5b4 21580->21581 21695 100358c8 VirtualFree VirtualFree HeapFree __fptostr 21580->21695 21696 1002e5cd LeaveCriticalSection _doexit 21581->21696 21584->21397 21585->21444 21586->21450 21588 100344e2 GetModuleHandleW 21587->21588 21589 100344c1 21587->21589 21590 100344f2 21588->21590 21591 100344fd GetProcAddress 21588->21591 21589->21588 21592 100344cb TlsGetValue 21589->21592 21600 1003065c Sleep GetModuleHandleW 21590->21600 21596 100344da 21591->21596 21595 100344d6 21592->21595 21594 100344f8 21594->21591 21594->21596 21595->21588 21595->21596 21596->21453 21597->21460 21598->21469 21599->21446 21600->21594 21601->21488 21602->21487 21603->21495 21604->21499 21605->21510 21606->21506 21609 10036df5 21607->21609 21611 10036e62 21609->21611 21615 10031907 76 API calls x_ismbbtype_l 21609->21615 21610 10036f60 21610->21519 21610->21520 21611->21610 21612 10031907 76 API calls _parse_cmdline 21611->21612 21612->21611 21613->21514 21614->21522 21615->21609 21616->21527 21617->21534 21618->21538 21620 10038182 21619->21620 21621 100344a9 __encode_pointer 6 API calls 21620->21621 21622 1003819a 21620->21622 21621->21620 21622->21543 21626 1002e355 21623->21626 21625 1002e39e 21625->21545 21627 1002e361 __locking 21626->21627 21634 100306f8 21627->21634 21633 1002e382 __locking 21633->21625 21660 10035865 21634->21660 21636 1002e366 21637 1002e26a 21636->21637 21638 10034524 __decode_pointer 6 API calls 21637->21638 21639 1002e27e 21638->21639 21640 10034524 __decode_pointer 6 API calls 21639->21640 21641 1002e28e 21640->21641 21652 1002e311 21641->21652 21669 100317be 67 API calls 5 library calls 21641->21669 21643 1002e2ac 21646 1002e2d6 21643->21646 21647 1002e2c7 21643->21647 21656 1002e2f8 21643->21656 21644 100344a9 __encode_pointer 6 API calls 21645 1002e306 21644->21645 21648 100344a9 __encode_pointer 6 API calls 21645->21648 21650 1002e2d0 21646->21650 21646->21652 21670 1003523f 73 API calls _realloc 21647->21670 21648->21652 21650->21646 21654 1002e2ec 21650->21654 21671 1003523f 73 API calls _realloc 21650->21671 21657 1002e38b 21652->21657 21653 1002e2e6 21653->21652 21653->21654 21655 100344a9 __encode_pointer 6 API calls 21654->21655 21655->21656 21656->21644 21672 10030701 21657->21672 21661 1003587a 21660->21661 21662 1003588d EnterCriticalSection 21660->21662 21667 100357a2 66 API calls 9 library calls 21661->21667 21662->21636 21664 10035880 21664->21662 21668 1003068c 66 API calls 3 library calls 21664->21668 21666 1003588c 21666->21662 21667->21664 21668->21666 21669->21643 21670->21650 21671->21653 21675 1003578b LeaveCriticalSection 21672->21675 21674 1002e390 21674->21633 21675->21674 21677 1003b87e __locking 21676->21677 21678 1003b896 21677->21678 21682 1003b8b5 _memset 21677->21682 21689 10030d24 66 API calls __getptd_noexit 21678->21689 21680 1003b89b 21690 10032de1 6 API calls 2 library calls 21680->21690 21681 1003b927 RtlAllocateHeap 21681->21682 21682->21681 21685 10035865 __lock 65 API calls 21682->21685 21686 1003b8ab __locking 21682->21686 21691 10036077 5 API calls 2 library calls 21682->21691 21692 1003b96e LeaveCriticalSection _doexit 21682->21692 21693 1003654f 6 API calls __decode_pointer 21682->21693 21685->21682 21686->21556 21689->21680 21691->21682 21692->21682 21693->21682 21694->21568 21695->21581 21696->21573 21697->21579 21699 1001ffdf _strlen 21698->21699 21713 1001f0b0 21699->21713 21701 10020056 ___DllMainCRTStartup 21704 10020305 21701->21704 21722 10001920 68 API calls 4 library calls 21701->21722 21703 10020326 21718 1001f970 21703->21718 21704->21703 21723 1001f830 68 API calls ___DllMainCRTStartup 21704->21723 21708 10008000 21709 1002e654 _malloc 66 API calls 21708->21709 21710 10008010 21709->21710 21711 1000801c 21710->21711 21712 1002e577 __setlocale_get_all 66 API calls 21710->21712 21712->21711 21724 1001f910 21713->21724 21716 1001f148 21716->21701 21719 1001f995 21718->21719 21720 1000809c 21718->21720 21730 10044028 LeaveCriticalSection __Fac_tidy 21719->21730 21720->21708 21722->21704 21723->21703 21725 1001f93d 21724->21725 21726 1001f0ed 21724->21726 21729 1004401f EnterCriticalSection std::_Lockit::_Lockit 21725->21729 21726->21716 21728 1001ea80 68 API calls std::ios_base::_Init 21726->21728 21728->21716 21729->21726 21730->21720

                                                                                                          Executed Functions

                                                                                                          Function 10002D40, Relevance: 22.8, APIs: 15, Instructions: 331COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 7 10002d40-10002d67 call 100024a0 10 10002d70-10002d81 7->10 11 10002d69-10002d6b 7->11 13 10002d83-10002d90 SetLastError 10->13 14 10002d95-10002db0 call 100024a0 10->14 12 1000315a-1000315d 11->12 13->12 17 10002db2-10002db4 14->17 18 10002db9-10002dce 14->18 17->12 19 10002dd0-10002ddd SetLastError 18->19 20 10002de2-10002def 18->20 19->12 21 10002df1-10002dfe SetLastError 20->21 22 10002e03-10002e0c 20->22 21->12 23 10002e20-10002e41 22->23 24 10002e0e-10002e1b SetLastError 22->24 25 10002e55-10002e5f 23->25 24->12 26 10002e61-10002e68 25->26 27 10002e97-10002ed2 GetNativeSystemInfo 25->27 28 10002e78-10002e84 26->28 29 10002e6a-10002e76 26->29 30 10002ed4-10002ee1 SetLastError 27->30 31 10002ee6-10002f05 VirtualAlloc 27->31 32 10002e87-10002e8d 28->32 29->32 30->12 33 10002f32-10002f4a GetProcessHeap HeapAlloc 31->33 34 10002f07-10002f21 VirtualAlloc 31->34 35 10002e95 32->35 36 10002e8f-10002e92 32->36 38 10002f6c-10002fd0 call 100024a0 33->38 39 10002f4c-10002f67 VirtualFree SetLastError 33->39 34->33 37 10002f23-10002f2d SetLastError 34->37 35->25 36->35 37->12 43 10002fd2 38->43 44 10002fdc-10003041 VirtualAlloc call 10002320 call 100024d0 38->44 39->12 45 1000314c-10003158 call 10003310 43->45 52 10003043 44->52 53 1000304d-1000305e 44->53 45->12 52->45 54 10003060-10003076 call 100029c0 53->54 55 10003078-1000307b 53->55 57 10003082-10003090 call 10002ab0 54->57 55->57 61 10003092 57->61 62 1000309c-100030aa call 100027c0 57->62 61->45 65 100030b6-100030c4 call 10002940 62->65 66 100030ac 62->66 69 100030c6 65->69 70 100030cd-100030d6 65->70 66->45 69->45 71 100030d8-100030df 70->71 72 1000313d-10003140 70->72 74 100030e1-10003102 71->74 75 1000312a-10003138 71->75 73 10003147-1000314a 72->73 73->12 73->45 77 10003106-1000310d 74->77 76 1000313b 75->76 76->73 78 1000311e-10003128 77->78 79 1000310f-1000311a SetLastError 77->79 78->76 79->45
                                                                                                          APIs
                                                                                                            • Part of subcall function 100024A0: SetLastError.KERNEL32(0000000D,?,?,10002D65,1001DF0A,00000040), ref: 100024B1
                                                                                                          • SetLastError.KERNEL32(000000C1,1001DF0A,00000040), ref: 10002D88
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction ID: 8eda3ac1f8f3e078098bdc719848e1594ce6d4798074e02e4610946cd2a58ef5
                                                                                                          • Opcode Fuzzy Hash: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction Fuzzy Hash: 7CE1E774A00209DFEB05CF94C994AAEB7B6FF8C344F208559E909AB399D770ED42CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ADAC, Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002ADBF
                                                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AE15
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE1E
                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE28
                                                                                                          • GlobalReAlloc.KERNEL32(?,00000000,00002002), ref: 1002AE41
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE53
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE5A
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE63
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE6F
                                                                                                          • _memset.LIBCMT ref: 1002AE89
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002AEB7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 496899490-0
                                                                                                          • Opcode ID: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction ID: 1a22abfe9f33a297b41a0f192d06fc5d98366496c497f4e189800256e1e6bccf
                                                                                                          • Opcode Fuzzy Hash: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction Fuzzy Hash: 1E31AD71600715AFEB21CF68DD89A1BBBF9FF46301B42892DE55AD3661DB30F8818B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002E577, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __lock.LIBCMT ref: 1002E595
                                                                                                            • Part of subcall function 10035865: __mtinitlocknum.LIBCMT ref: 1003587B
                                                                                                            • Part of subcall function 10035865: __amsg_exit.LIBCMT ref: 10035887
                                                                                                            • Part of subcall function 10035865: EnterCriticalSection.KERNEL32(00000000,00000000,?,1003481B,0000000D,1004E828,00000008,10034912,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 1003588F
                                                                                                          • ___sbh_find_block.LIBCMT ref: 1002E5A0
                                                                                                          • ___sbh_free_block.LIBCMT ref: 1002E5AF
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,1004E648,0000000C,10034761,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 1002E5DF
                                                                                                          • GetLastError.KERNEL32(?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880,00000000,00000000,?,1003481B,0000000D), ref: 1002E5F0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                          • String ID:
                                                                                                          • API String ID: 2714421763-0
                                                                                                          • Opcode ID: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction ID: 15e9110145b1e9c1bde58837c3f2254f90dacbefcca8cfa7097211139088966e
                                                                                                          • Opcode Fuzzy Hash: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction Fuzzy Hash: E001A7358567669EEB21DBB1AC0574D3BE4FF01796F900415F404AA4D1DF34AD40CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100036A0, Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 937COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 131 100036a0-100036bb call 1002e654 133 100036c0-100036e5 131->133 135 10003896-100038b1 133->135 136 100036eb-10003891 133->136 138 100038b7-10004a34 135->138 139 10004a39-10004a3d 135->139
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 100036BB
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 501242067-2694261586
                                                                                                          • Opcode ID: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction ID: 8c5fde967666ed0afc5dc7c826d0591e9b318715144b3c37a2536eafdc0580d3
                                                                                                          • Opcode Fuzzy Hash: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction Fuzzy Hash: 8FB21B369120218FE70ADFACDED5F257BA6F794608747B21FC4018737ADE306464CA5A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003440, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 199COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 140 10003440-1000344d 141 10003454-10003462 140->141 142 1000344f call 100033f0 140->142 144 10003464-10003466 141->144 145 1000346b-10003486 141->145 142->141 146 10003699-1000369c 144->146 147 10003495-100034a2 145->147 148 10003488-10003493 145->148 149 100034b1-100034b7 call 1002e654 147->149 150 100034a4-100034af 147->150 148->147 152 100034bc-100034c6 149->152 150->149 153 100034c8-100034ca 152->153 154 100034cf-100034d6 152->154 153->146 155 100034dd-100034e3 154->155 156 10003696 155->156 157 100034e9-100034f5 155->157 156->146 158 100034f7-10003509 157->158 159 1000350b-10003527 157->159 160 1000352a-1000353c 158->160 159->160 161 10003552-1000356d 160->161 162 1000353e-10003550 160->162 163 10003570-10003582 161->163 162->163 164 10003584-10003596 163->164 165 10003598-100035b4 163->165 166 100035b7-100035c9 164->166 165->166 167 100035cb-100035dd 166->167 168 100035df-100035fb 166->168 169 100035fe-10003628 167->169 168->169 170 10003647-1000364f 169->170 171 1000362a-10003644 169->171 172 10003651-1000366b 170->172 173 1000366e-10003676 170->173 171->170 172->173 174 10003691 173->174 175 10003678-1000368e 173->175 174->155 175->174
                                                                                                          APIs
                                                                                                            • Part of subcall function 100033F0: _malloc.LIBCMT ref: 100033F9
                                                                                                          • _malloc.LIBCMT ref: 100034B7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 1579825452-2694261586
                                                                                                          • Opcode ID: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction ID: 6db3f6523064f320fd84e53d4013fc8a18f56f5699846b59c9fd9a4c566afa3d
                                                                                                          • Opcode Fuzzy Hash: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction Fuzzy Hash: B891E770E04649AFDB09CF98C490AAEBBB2FF85345F24C199D915AB359C335AA90CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002690, Relevance: 3.1, APIs: 2, Instructions: 98COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 176 10002690-100026a0 177 100026a2-100026a7 176->177 178 100026ac-100026b8 176->178 179 100027ac-100027af 177->179 180 10002714-10002776 178->180 181 100026ba-100026c5 178->181 184 10002784-100027a1 VirtualProtect 180->184 185 10002778-10002781 180->185 182 100026c7-100026ce 181->182 183 1000270a-1000270f 181->183 186 100026d0-100026de 182->186 187 100026f2-10002704 VirtualFree 182->187 183->179 188 100027a3-100027a5 184->188 189 100027a7 184->189 185->184 186->187 190 100026e0-100026f0 186->190 187->183 188->179 189->179 190->183 190->187
                                                                                                          APIs
                                                                                                          • VirtualFree.KERNELBASE(00000000,?,00004000,?,10002928,00000001,00000000,?,100030A8,?,?,?,?,100030A8,00000000,00000000), ref: 10002704
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 1263568516-0
                                                                                                          • Opcode ID: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction ID: e47a27f64338b3e84d430cb899d867ed3d67d72a97b2c0655aeaec8263a425f7
                                                                                                          • Opcode Fuzzy Hash: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction Fuzzy Hash: 8841B77461410AAFEB48CF58C490BA9B7B2FB88364F14C659EC1A9F355C731EE41CB84
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100024D0, Relevance: 2.6, APIs: 2, Instructions: 115memoryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 191 100024d0-100024fe 192 10002512-1000251e 191->192 193 10002524-1000252b 192->193 194 10002616 192->194 195 10002593-100025ae call 100024a0 193->195 196 1000252d-1000253a 193->196 197 1000261b-1000261e 194->197 206 100025b0-100025b2 195->206 207 100025b4-100025d9 VirtualAlloc 195->207 198 1000253c-1000255e VirtualAlloc 196->198 199 1000258e 196->199 201 10002560-10002562 198->201 202 10002567-1000258b call 100022d0 198->202 199->192 201->197 202->199 206->197 209 100025db-100025dd 207->209 210 100025df-1000260e call 10002320 207->210 209->197 210->194
                                                                                                          APIs
                                                                                                          • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000303F,00000000), ref: 10002551
                                                                                                          • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,1001DF0A,8B118BBC,?,1000303F,00000000,1001DF0A,?), ref: 100025CC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction ID: f227e8c1e280d8d0b8d11f9a2f1445d4c625449e48c39147985fdcb30a9e5b67
                                                                                                          • Opcode Fuzzy Hash: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction Fuzzy Hash: FE51E9B4A0010AEFDB04CF94C990AAEB7F1FF48345F248598E905AB345D370EE91CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024BD0, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10024BD7
                                                                                                            • Part of subcall function 10020421: _malloc.LIBCMT ref: 1002043F
                                                                                                            • Part of subcall function 1002AC5C: LocalAlloc.KERNEL32(00000040,?,?,1002AFE7,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AC66
                                                                                                            • Part of subcall function 100248E2: __EH_prolog3.LIBCMT ref: 100248E9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocH_prolog3H_prolog3_catchLocal_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1104862767-0
                                                                                                          • Opcode ID: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction ID: a1f779584784c66b6c6d6693aa33ee417c0f7bf9ec3ebef889974536428868aa
                                                                                                          • Opcode Fuzzy Hash: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction Fuzzy Hash: 87317AB4A05B40CFD761CF69904125EFBF0FF94700FA08A1EA19A87791CB71A640CB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001FB60, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 246 1001fb60-1001fba1 call 100236ce 248 1001fba3-1001fbaa 246->248 249 1001fbb1-1001fbb7 248->249 250 1001fbac call 1001fb50 248->250 252 1001fbc1-1001fbc4 249->252 253 1001fbb9-1001fbbf 249->253 250->249 254 1001fbc7-1001fc07 call 1002e804 252->254 253->254 257 1001fc09-1001fc19 254->257 258 1001fc1e-1001fc2c 254->258 257->258
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memcpy_s
                                                                                                          • String ID:
                                                                                                          • API String ID: 2001391462-0
                                                                                                          • Opcode ID: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction ID: f5ed4905dd4460340b5ac9a4a0a7973f6bbe06acb99917e18be8531ceafe8f55
                                                                                                          • Opcode Fuzzy Hash: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction Fuzzy Hash: EA3197B4E0060ADFCB04DF98C891AAEB7B1FF88310F148699E915AB355D730AD41CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B0BB, Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 260 1002b0bb-1002b0d3 call 10030535 263 1002b0d5 call 10023b5b 260->263 264 1002b0da-1002b0dd 260->264 263->264 266 1002b115-1002b126 call 1002ac8f 264->266 267 1002b0df-1002b0e7 264->267 276 1002b13b-1002b142 call 1003060d 266->276 277 1002b128-1002b136 call 1002af6b 266->277 269 1002b10a call 1002adac 267->269 270 1002b0e9-1002b108 call 1002aec4 267->270 275 1002b10f-1002b113 269->275 270->263 270->269 275->263 275->266 277->276
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 1002B0C2
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8H_prolog3Throw
                                                                                                          • String ID:
                                                                                                          • API String ID: 3670251406-0
                                                                                                          • Opcode ID: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction ID: c80a5d1f5578f8721dbd374575b215f2d5835d67e27bcfac389e5dd05e3c6f9c
                                                                                                          • Opcode Fuzzy Hash: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction Fuzzy Hash: FE017C386006438BDB26DF64DC6172E76E2EB843A1FA2442EE9518B291EF359D41CB40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10008000, Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 282 10008000-1000801a call 1002e654 285 10008023-10008037 282->285 286 1000801c-10008021 282->286 288 1000804b-10008052 285->288 287 1000807b-1000807e 286->287 289 10008054-1000805c 288->289 290 1000805e-10008062 call 1002e577 288->290 289->288 293 10008067-10008070 290->293 294 10008072-10008074 293->294 295 10008076 293->295 294->287 295->287
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 1000800B
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 501242067-0
                                                                                                          • Opcode ID: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction ID: 9a20b1d8cf5172607ffba420905976db52b7852b2de11c78eab645b8586f80a8
                                                                                                          • Opcode Fuzzy Hash: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction Fuzzy Hash: BD012CB4D08158EBEB00CFA4D85569EBBB4FB00394F108895D9516B305D376AB18DB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100236CE, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 296 100236ce-100236dc 297 100236e2-100236ed call 1002e654 296->297 298 100236de-100236e0 296->298 301 100236f2-100236f5 297->301 299 10023707-1002370a 298->299 301->298 302 100236f7-10023704 301->302 302->299
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1579825452-0
                                                                                                          • Opcode ID: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction ID: 890261fd43258a4c098dfe067f91bb2ba3d5f49a8a728e9457d7994589d2c75f
                                                                                                          • Opcode Fuzzy Hash: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction Fuzzy Hash: 4CE06D766006156BC700CB4AE408A46BBDCDFA13B0F56C466E808CB252CAB1E8048BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ACFB, Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 303 1002acfb-1002ad0d call 10030568 306 1002ad30-1002ad37 call 1003060d 303->306 307 1002ad0f-1002ad1e call 1002a6ab 303->307 312 1002ad20 call 10024d0b 307->312 313 1002ad25-1002ad2b call 1002a71d 307->313 315 1002ad23 312->315 313->306 315->313
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
                                                                                                          • String ID:
                                                                                                          • API String ID: 1641187343-0
                                                                                                          • Opcode ID: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction ID: 3b67d6bb43f4ea54dfbebb57807521158ddd2742ca645746548a7aae3598e2fb
                                                                                                          • Opcode Fuzzy Hash: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction Fuzzy Hash: F3E04F386442069BE760DFA4D846B4DB6E0EF01762FA04628F9D1EB2C2DF70AD80DB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10035645, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 317 10035645-10035667 HeapCreate 318 1003566b-10035674 317->318 319 10035669-1003566a 317->319
                                                                                                          APIs
                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,1002E896,00000001,?,?,?,1002EA0F,?,?,?,1004E6A8,0000000C,1002EACA), ref: 1003565A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 10892065-0
                                                                                                          • Opcode ID: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction ID: 0df5893edc33e170cd9319f6da52f4968d67da800731ff8b92bc7feba6a3d305
                                                                                                          • Opcode Fuzzy Hash: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction Fuzzy Hash: 17D05E329507559EF7029F716C49B223BDCE384A96F048436F80CC61A0E670C6418A04
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 1003C7D2, Relevance: 66.4, APIs: 44, Instructions: 432COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___getlocaleinfo
                                                                                                          • String ID:
                                                                                                          • API String ID: 1937885557-0
                                                                                                          • Opcode ID: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction ID: b04c4d7f6a57d8df90e79b3f21b47685716bac7d418787b81275d3872e324d7c
                                                                                                          • Opcode Fuzzy Hash: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction Fuzzy Hash: 0DE1DDB294060DBEEF12CAE1CC85DFFB7BDFB04744F14096AB255E6041EA71AB059B60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001160, Relevance: 10.6, APIs: 7, Instructions: 71networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WSAStartup.WS2_32(?,?), ref: 10001194
                                                                                                          • _memset.LIBCMT ref: 100011A8
                                                                                                          • htonl.WS2_32(00000000), ref: 100011C1
                                                                                                          • htons.WS2_32(?), ref: 100011D5
                                                                                                          • socket.WS2_32(00000002,00000002,00000000), ref: 100011EB
                                                                                                          • bind.WS2_32(?,?,00000010), ref: 10001210
                                                                                                          • setsockopt.WS2_32(?,0000FFFF,00001006,00000001,00000008), ref: 10001252
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Startup_memsetbindhtonlhtonssetsockoptsocket
                                                                                                          • String ID:
                                                                                                          • API String ID: 1003240404-0
                                                                                                          • Opcode ID: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction ID: 8b71fe392eebb4791ef10e00b80357e65c28fbed0d3ec8f38f9f26760835bea4
                                                                                                          • Opcode Fuzzy Hash: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction Fuzzy Hash: D6317C74A01228AFE760CB54CC85BE9B7B4FF8A714F0041D8E949AB281CB71AD80DF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001DFC0, Relevance: 9.1, APIs: 6, Instructions: 83windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsIconic.USER32 ref: 1001DFE3
                                                                                                            • Part of subcall function 10024266: __EH_prolog3.LIBCMT ref: 1002426D
                                                                                                            • Part of subcall function 10024266: BeginPaint.USER32(?,?,00000004,10022D30,?,00000058,1001E0C9), ref: 10024299
                                                                                                          • SendMessageA.USER32 ref: 1001E031
                                                                                                          • GetSystemMetrics.USER32 ref: 1001E039
                                                                                                          • GetSystemMetrics.USER32 ref: 1001E044
                                                                                                          • GetClientRect.USER32 ref: 1001E05B
                                                                                                          • DrawIcon.USER32 ref: 1001E0AE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$BeginClientDrawH_prolog3IconIconicMessagePaintRectSend
                                                                                                          • String ID:
                                                                                                          • API String ID: 1007970657-0
                                                                                                          • Opcode ID: 3259dfba3eec98d8480867ab092ef1825236dcdbd4a97db3d006f8f0a7e1c205
                                                                                                          • Instruction ID: 44eb2ef316f0b933980e992ec3fa30d6a4f6e9fba2b57c8abd37e2d05c6bd9c1
                                                                                                          • Opcode Fuzzy Hash: 3259dfba3eec98d8480867ab092ef1825236dcdbd4a97db3d006f8f0a7e1c205
                                                                                                          • Instruction Fuzzy Hash: 4A31EA75A00119DFDB24CFA8C985FAEBBB5FB48300F108299E549E7241DA30AE84DF54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002129B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _strcpy_s.LIBCMT ref: 100212CD
                                                                                                            • Part of subcall function 100210FF: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                            • Part of subcall function 100210FF: __cftof.LIBCMT ref: 10023B88
                                                                                                            • Part of subcall function 10030D24: __getptd_noexit.LIBCMT ref: 10030D24
                                                                                                          • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 100212E5
                                                                                                          • __snwprintf_s.LIBCMT ref: 1002131A
                                                                                                          • LoadLibraryA.KERNEL32(?), ref: 10021355
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8InfoLibraryLoadLocaleThrow__cftof__getptd_noexit__snwprintf_s_strcpy_s
                                                                                                          • String ID: LOC
                                                                                                          • API String ID: 1016519223-519433814
                                                                                                          • Opcode ID: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction ID: e5882df6752d869781cd97db702e75e799ef83d3d4dcb43d327d0f518dc3dfd8
                                                                                                          • Opcode Fuzzy Hash: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction Fuzzy Hash: A021063990121CAFDB11EBA0EC46BDD33EEEB05751F9004A1FA04DB491DB70AE45C6A0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002DB0D, Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 10031D3A
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 10031D4F
                                                                                                          • UnhandledExceptionFilter.KERNEL32(10049478), ref: 10031D5A
                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 10031D76
                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 10031D7D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                          • String ID:
                                                                                                          • API String ID: 2579439406-0
                                                                                                          • Opcode ID: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction ID: eb2889493d924e234dee94db6a5018ee6042f58a5b7914c10149dcbc3be7d463
                                                                                                          • Opcode Fuzzy Hash: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction Fuzzy Hash: C8219AB8C01A24DFF742DF68DDC96883BB4FB1C345F52102AE9088B665E7B06985CF15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027958, Relevance: 6.0, APIs: 4, Instructions: 42keyboardwindowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: State$LongMessageSendWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 1063413437-0
                                                                                                          • Opcode ID: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction ID: a80f2be592eaa4d0f51a0e10a6f75c43a55355dd3138243e3a8160c71d5bf3bd
                                                                                                          • Opcode Fuzzy Hash: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction Fuzzy Hash: 0AF0E93A7C035B66EA10E6707C81F950814FF45BD4FC11431BF49EA1D2DFA0C89119B0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021183, Relevance: 4.5, APIs: 3, Instructions: 40COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LoadResource.KERNEL32(00000000,?,?,1002120D,00000000,00000000,?,?,1002189A,00000000,?,?,?,?,10021950,00000000), ref: 1002118E
                                                                                                          • LockResource.KERNEL32(00000000,?,?,1002120D,00000000,00000000,?,?,1002189A,00000000,?,?,?,?,10021950,00000000), ref: 1002119C
                                                                                                          • SizeofResource.KERNEL32(00000000,?,?,1002120D,00000000,00000000,?,?,1002189A,00000000,?,?,?,?,10021950,00000000), ref: 100211AE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$LoadLockSizeof
                                                                                                          • String ID:
                                                                                                          • API String ID: 2853612939-0
                                                                                                          • Opcode ID: 8b420e262c7312fbbd320bda05a88a884026fa2b8a5d750ea2b9a6c299d0f1d4
                                                                                                          • Instruction ID: 5885e8a255633e1cc81cd5e62f2e9d9df206611330dfebe0406f5a0ab521e5b9
                                                                                                          • Opcode Fuzzy Hash: 8b420e262c7312fbbd320bda05a88a884026fa2b8a5d750ea2b9a6c299d0f1d4
                                                                                                          • Instruction Fuzzy Hash: 7FF0F03A60013BA7CF219F69FC044E97BD5FF107E67414425FEA9C2060E231D870D680
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100250A3, Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8d3cc7cabb4d58ad44b84df687ee6d4ed92987b137f1ec63db657d71093bb1ad
                                                                                                          • Instruction ID: 0d7c4b7ad1d73a1697217a780c63f05e975ccc5f711293de909a3a3b9b9d2103
                                                                                                          • Opcode Fuzzy Hash: 8d3cc7cabb4d58ad44b84df687ee6d4ed92987b137f1ec63db657d71093bb1ad
                                                                                                          • Instruction Fuzzy Hash: 16F0A431600109ABDF11DF60DD88A9E7FB8FF05346F908021FC1AC5061DB32CA55EB99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024F01, Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Version_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 963298953-0
                                                                                                          • Opcode ID: 261500b53b9fbffb2ab7006eb20860b792d5709bcfa83feeb3a436b21e339e9d
                                                                                                          • Instruction ID: 60a6db508766d0176de5257cd9c04f851b8e12d18597fbeb5363c1cc45f9d795
                                                                                                          • Opcode Fuzzy Hash: 261500b53b9fbffb2ab7006eb20860b792d5709bcfa83feeb3a436b21e339e9d
                                                                                                          • Instruction Fuzzy Hash: 54F065799002189FEB50DB74DD46B8E77F8AB04304F9144E5950DD3282EA70AA48CB41
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001280, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • recvfrom.WS2_32(?,?,00000400,00000000,?,00000010), ref: 100012CF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: recvfrom
                                                                                                          • String ID:
                                                                                                          • API String ID: 846543921-0
                                                                                                          • Opcode ID: cdd5b8fa6bd2be514b31e1496784718f03a02615474b077ae9b11ea931df357f
                                                                                                          • Instruction ID: 69fb0fddd724ab168ece224e86e76236123086ad7b1ad86b3e1ae6067053412b
                                                                                                          • Opcode Fuzzy Hash: cdd5b8fa6bd2be514b31e1496784718f03a02615474b077ae9b11ea931df357f
                                                                                                          • Instruction Fuzzy Hash: 1B0125B5A0011C9FDB14CF58CD54BEEBBB9FF88304F4045A9E609A7241D7B46A84CFA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028DEC, Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 179COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10028DF6
                                                                                                            • Part of subcall function 1002B0BB: __EH_prolog3.LIBCMT ref: 1002B0C2
                                                                                                          • CallNextHookEx.USER32 ref: 10028E3A
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          • GetClassLongA.USER32 ref: 10028E7E
                                                                                                          • GlobalGetAtomNameA.KERNEL32 ref: 10028EA8
                                                                                                          • SetWindowLongA.USER32(?,000000FC,Function_00027C85), ref: 10028EFD
                                                                                                          • _memset.LIBCMT ref: 10028F47
                                                                                                          • GetClassLongA.USER32 ref: 10028F77
                                                                                                          • GetClassNameA.USER32(?,?,00000100), ref: 10028F98
                                                                                                          • GetWindowLongA.USER32 ref: 10028FBC
                                                                                                          • GetPropA.USER32 ref: 10028FD6
                                                                                                          • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 10028FE1
                                                                                                          • GetPropA.USER32 ref: 10028FE9
                                                                                                          • GlobalAddAtomA.KERNEL32 ref: 10028FF1
                                                                                                          • SetWindowLongA.USER32(?,000000FC,Function_00028C9F), ref: 10028FFF
                                                                                                          • CallNextHookEx.USER32 ref: 10029017
                                                                                                          • UnhookWindowsHookEx.USER32(?), ref: 1002902B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                          • String ID: #32768$AfxOldWndProc423$ime
                                                                                                          • API String ID: 867647115-4034971020
                                                                                                          • Opcode ID: 028737d45415cf4fc653e4401d117fb93ecf855678ad16e5d4e8c367e2bfe641
                                                                                                          • Instruction ID: c9f41a1409c6bb8d0fa3b18bb25e3997143979ac063bd30542687b89172f9a1c
                                                                                                          • Opcode Fuzzy Hash: 028737d45415cf4fc653e4401d117fb93ecf855678ad16e5d4e8c367e2bfe641
                                                                                                          • Instruction Fuzzy Hash: 2361027590122AAFDB11DF61DD88B9E7BB8FF093A1F920154F509E6191DB30DE80CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100214CB, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                          • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                          • ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 100215CD
                                                                                                          • EnumResourceLanguagesA.KERNEL32 ref: 100215EA
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 1002161D
                                                                                                          • ConvertDefaultLocale.KERNEL32(00000000), ref: 10021626
                                                                                                          • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          • _memset.LIBCMT ref: 10021689
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressHandleProc$EnumFileH_prolog3_LanguagesNameResource_memset
                                                                                                          • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                          • API String ID: 3537336938-2299501126
                                                                                                          • Opcode ID: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction ID: 3754a4cc769aa270db1ce7901eb040107ed5b3d0b04ae9dca27c5b132e5f9257
                                                                                                          • Opcode Fuzzy Hash: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction Fuzzy Hash: 77515974C002289BCB61DF659C44BEDBAF4EB59300F5002EAE988E3291DB749E81CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024F5B, Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,745F5D80,100250B0,?,?,?,?,?,?,?,10026FEC,00000000,00000002,00000028), ref: 10024F86
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 10024FA2
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 10024FB3
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 10024FC4
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 10024FD5
                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 10024FE6
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 10024FF7
                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10025008
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                          • API String ID: 667068680-68207542
                                                                                                          • Opcode ID: 2c2d105ab76555674e553128ad85fc5a2fe8f9f5109b4f1e6913bbfff899dba8
                                                                                                          • Instruction ID: f18cf552d00ebf4573e19fd52f8b2344fe61d2491b1b7e62cf44cba2888c0d7d
                                                                                                          • Opcode Fuzzy Hash: 2c2d105ab76555674e553128ad85fc5a2fe8f9f5109b4f1e6913bbfff899dba8
                                                                                                          • Instruction Fuzzy Hash: 15213672D10170ABE752EF749DC886D7AF8F64C2827A1083FE302DA12AD7724540DF98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10026EFC, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                          • String ID: (
                                                                                                          • API String ID: 808654186-3887548279
                                                                                                          • Opcode ID: ffd55680436a5d28903850f20e835ec9a2371b9025f3b79a50c4d24cc647ab29
                                                                                                          • Instruction ID: 79398ab63d643b80669917eeb3518c0a7ae9ea55fdc53564aac6bb8538d6af80
                                                                                                          • Opcode Fuzzy Hash: ffd55680436a5d28903850f20e835ec9a2371b9025f3b79a50c4d24cc647ab29
                                                                                                          • Instruction Fuzzy Hash: 08513C72900219AFDB01CBA8EE85AEEBBB9FF48350F554125F909F3251DB30ED458B64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10034610, Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,1004E800,0000000C,1003474B,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 10034622
                                                                                                          • __crt_waiting_on_module_handle.LIBCMT ref: 1003462D
                                                                                                            • Part of subcall function 1003065C: Sleep.KERNEL32(000003E8,00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 10030668
                                                                                                            • Part of subcall function 1003065C: GetModuleHandleW.KERNEL32(00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F,?), ref: 10030671
                                                                                                          • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10034656
                                                                                                          • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 10034666
                                                                                                          • __lock.LIBCMT ref: 10034688
                                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 10034695
                                                                                                          • __lock.LIBCMT ref: 100346A9
                                                                                                          • ___addlocaleref.LIBCMT ref: 100346C7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                          • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                          • API String ID: 1028249917-2843748187
                                                                                                          • Opcode ID: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction ID: 0d6301bb9ab871ffe84231295dfe76788f8a31cd98ef4b571f500b89faff28c9
                                                                                                          • Opcode Fuzzy Hash: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction Fuzzy Hash: 1C11AF79801741AFE711CF79CD42B8ABBF0EF45311F214969E499EB2A0CB74AA40CB59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020C3F, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32), ref: 10020C68
                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 10020C85
                                                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10020C92
                                                                                                          • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10020C9F
                                                                                                          • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 10020CAC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                          • API String ID: 667068680-3617302793
                                                                                                          • Opcode ID: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction ID: 164c5ab3b4a161f1fd64f3c59e5fc8043f34cbc47aed943c162e41eaa6e30758
                                                                                                          • Opcode Fuzzy Hash: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction Fuzzy Hash: 621130F1C002A19BDB11DF99ADC484ABFE9F656240363427FF218D3221EB708854CE17
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043A65, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043A6C
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043A76
                                                                                                          • int.LIBCPMT ref: 10043A8D
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043A96
                                                                                                          • ctype.LIBCPMT ref: 10043AB0
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043AC4
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043AD2
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043AE2
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043AE8
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 2535038987-3145022300
                                                                                                          • Opcode ID: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction ID: 41e516e335ea381e6c6cf3992b6e31462ccd823a1db2d0b16548d00875c41f3f
                                                                                                          • Opcode Fuzzy Hash: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction Fuzzy Hash: 7E01C039D401699BCB02DBA4DC42AEE7375FF84760F724129F110EB1D1DF74AA008799
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043C84, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043C8B
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043C95
                                                                                                          • int.LIBCPMT ref: 10043CAC
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043CB5
                                                                                                          • codecvt.LIBCPMT ref: 10043CCF
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043CE3
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043CF1
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043D01
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043D07
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 577375395-3145022300
                                                                                                          • Opcode ID: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction ID: 1c641b6faa081a6f5f4558330d18bfb7172afe5efef557fc2d9691916cc6be6c
                                                                                                          • Opcode Fuzzy Hash: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction Fuzzy Hash: E701A979D002199BCB06DBA0DC42AAE7375FF84660FB14129F111FB1E1DF74AA008798
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002341C, Relevance: 16.6, APIs: 11, Instructions: 139COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10023423
                                                                                                          • FindResourceA.KERNEL32(?,?,00000005), ref: 10023456
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 1002345E
                                                                                                            • Part of subcall function 100275EC: UnhookWindowsHookEx.USER32(?), ref: 1002761C
                                                                                                          • LockResource.KERNEL32(?,00000024,1000150C,00000000,8D9F250A), ref: 1002346F
                                                                                                          • GetDesktopWindow.USER32 ref: 100234A2
                                                                                                          • IsWindowEnabled.USER32(?), ref: 100234B0
                                                                                                          • EnableWindow.USER32(?,00000000), ref: 100234BF
                                                                                                            • Part of subcall function 1002A492: IsWindowEnabled.USER32(?), ref: 1002A49B
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,8D9F250A), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,8D9F250A), ref: 100235D9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
                                                                                                          • String ID:
                                                                                                          • API String ID: 964565984-0
                                                                                                          • Opcode ID: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction ID: c961092801c59ee9409441e3dbe49a4a333b051d42b2e552560430daa244bbc0
                                                                                                          • Opcode Fuzzy Hash: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction Fuzzy Hash: AA51A034A00B15DFDF11DFA4E9856AEBBF0FF48711F904029E54AA21A1CB719E81CF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028C9F, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10028CA6
                                                                                                          • GetPropA.USER32 ref: 10028CB5
                                                                                                          • CallWindowProcA.USER32 ref: 10028D0F
                                                                                                            • Part of subcall function 10027B1C: GetWindowRect.USER32 ref: 10027B46
                                                                                                          • SetWindowLongA.USER32(?,000000FC,?), ref: 10028D36
                                                                                                          • RemovePropA.USER32 ref: 10028D3E
                                                                                                          • GlobalFindAtomA.KERNEL32 ref: 10028D45
                                                                                                          • GlobalDeleteAtom.KERNEL32 ref: 10028D4F
                                                                                                          • CallWindowProcA.USER32 ref: 10028DA3
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$AtomCallGlobalProcProp$DeleteFindH_prolog3_catchLongRectRemove
                                                                                                          • String ID: AfxOldWndProc423
                                                                                                          • API String ID: 2109165785-1060338832
                                                                                                          • Opcode ID: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction ID: ff35111d89a6fae3ee79e979b08ab4de06e021ef9fe06013c3cb9f10e1bb71d8
                                                                                                          • Opcode Fuzzy Hash: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction Fuzzy Hash: FB31843A80111ABBDF02DFA0EE49DBF7BB8FF46341F800519FA05A50A1C7759A14DBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B9A0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetStockObject.GDI32(00000011), ref: 1002B9C8
                                                                                                          • GetStockObject.GDI32(0000000D), ref: 1002B9D0
                                                                                                          • GetObjectA.GDI32(00000000,0000003C,?), ref: 1002B9DD
                                                                                                          • GetDC.USER32(00000000), ref: 1002B9EC
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002BA00
                                                                                                          • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 1002BA0C
                                                                                                          • ReleaseDC.USER32 ref: 1002BA18
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Object$Stock$CapsDeviceRelease
                                                                                                          • String ID: System
                                                                                                          • API String ID: 46613423-3470857405
                                                                                                          • Opcode ID: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction ID: 22c60c461008f25a8b5f8ebf610b65477afa905285395b5dac6d7a6a43a1c48b
                                                                                                          • Opcode Fuzzy Hash: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction Fuzzy Hash: F611C171A01228EBEB10DBA5DD89FAE7BB8FF05781F400015FA05E61C1DB709D01CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001E790, Relevance: 13.6, APIs: 9, Instructions: 105windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$_strlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 3697954797-0
                                                                                                          • Opcode ID: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction ID: 0edfc11e8551d9ebf0957f65f3a3322fb23760369c1f09792b2f79df2d73aaf8
                                                                                                          • Opcode Fuzzy Hash: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction Fuzzy Hash: 22413A74F00306ABE704CF94CD85FAEB7B5FB88B41F208159FA19AB291C670A941DB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AF6B, Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002AF72
                                                                                                          • EnterCriticalSection.KERNEL32(?,00000010,1002B13B,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461), ref: 1002AF83
                                                                                                          • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002AFA1
                                                                                                          • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AFD5
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B041
                                                                                                          • _memset.LIBCMT ref: 1002B060
                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 1002B071
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B092
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 1891723912-0
                                                                                                          • Opcode ID: 26dcec1041afacb20883f8a88d8399bfa0257013ec7d92cf10d39ecfaabb8d94
                                                                                                          • Instruction ID: 31172aa3a9d6c7229b9057958b552749f74c39a7ca69aeefdb4b4ffe67e485c6
                                                                                                          • Opcode Fuzzy Hash: 26dcec1041afacb20883f8a88d8399bfa0257013ec7d92cf10d39ecfaabb8d94
                                                                                                          • Instruction Fuzzy Hash: 2431BCB4400A16EFDB25DF64ECC5C5ABBB4FF05310BA1C529E96A97661CB30AD90CF80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001920, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 119COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10001982
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                          • API String ID: 2005118841-1866435925
                                                                                                          • Opcode ID: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction ID: 1c38ab3b2c14ee1c247bdf225933c46791fcea5bd7c47801f16d03e79e27f587
                                                                                                          • Opcode Fuzzy Hash: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction Fuzzy Hash: 29518A34904688EEDB14DFA0CC85BDDB7B1EF45300F6081ADE5056B285CBB46E85CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021F51, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 10021E9F: GetParent.USER32(00000000), ref: 10021EF3
                                                                                                            • Part of subcall function 10021E9F: GetLastActivePopup.USER32(00000000), ref: 10021F04
                                                                                                            • Part of subcall function 10021E9F: IsWindowEnabled.USER32(00000000), ref: 10021F18
                                                                                                            • Part of subcall function 10021E9F: EnableWindow.USER32(00000000,00000000), ref: 10021F2B
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 10021F9E
                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 10021FB2
                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 10021FBC
                                                                                                          • SendMessageA.USER32 ref: 10021FD4
                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1002204E
                                                                                                          • EnableWindow.USER32(00000000,00000001), ref: 10022093
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                          • String ID: 0
                                                                                                          • API String ID: 1877664794-4108050209
                                                                                                          • Opcode ID: fa47c2bca283c1efa9c57a90baf6965e2cf2faf5ec170df8e895b8240d28c0a6
                                                                                                          • Instruction ID: c7e4dcc29fd9e1fd486e00497d35318e62f13d9d594050e36cf698265b5585c7
                                                                                                          • Opcode Fuzzy Hash: fa47c2bca283c1efa9c57a90baf6965e2cf2faf5ec170df8e895b8240d28c0a6
                                                                                                          • Instruction Fuzzy Hash: 7B41EF75A00228ABEB21CF64DC86BDA77B8FF14750F900599FA58D7281D7B09E80CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002102D, Relevance: 12.1, APIs: 8, Instructions: 66memorystringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002104C
                                                                                                          • lstrcmpA.KERNEL32(?,?), ref: 10021058
                                                                                                          • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 1002106A
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1002108A
                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10021092
                                                                                                          • GlobalLock.KERNEL32 ref: 1002109C
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 100210A9
                                                                                                          • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 100210C1
                                                                                                            • Part of subcall function 1002A801: GlobalFlags.KERNEL32(?), ref: 1002A810
                                                                                                            • Part of subcall function 1002A801: GlobalUnlock.KERNEL32(?,?,?,?,10021A27,?,00000214,1000148F), ref: 1002A822
                                                                                                            • Part of subcall function 1002A801: GlobalFree.KERNEL32 ref: 1002A82D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                          • String ID:
                                                                                                          • API String ID: 168474834-0
                                                                                                          • Opcode ID: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction ID: 1e26f6493bbdf61cc617228eadb58d3a13350607a0778397bdab265459f41c03
                                                                                                          • Opcode Fuzzy Hash: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction Fuzzy Hash: 6E11E079600640BBDB228BA5CD89DAFBAFDFB867407500529F605D2020DA72ED81DB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A98E, Relevance: 12.0, APIs: 8, Instructions: 39COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A99D
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9A4
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9AB
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9B5
                                                                                                          • GetDC.USER32(00000000), ref: 1002A9BF
                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 1002A9D0
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002A9D8
                                                                                                          • ReleaseDC.USER32 ref: 1002A9E0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$CapsDevice$Release
                                                                                                          • String ID:
                                                                                                          • API String ID: 1151147025-0
                                                                                                          • Opcode ID: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction ID: 4b18a5fc2a191a652713761d43d2b2da4b0cc28fbe92607e78cb1662e9ca01b2
                                                                                                          • Opcode Fuzzy Hash: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction Fuzzy Hash: 0CF0F9B1E40724BAF7105F728C89B167EA8FB49761F004456E6199B281DAB599118FD0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001D60, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 136windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _strlen$IconLoad_memset
                                                                                                          • String ID: ^t$127.0.0.1
                                                                                                          • API String ID: 858515944-3506571716
                                                                                                          • Opcode ID: b8f0a33aed5857d50bc6d4f51472f84c63fc56d9dccdc7a641a98e34b1a5589f
                                                                                                          • Instruction ID: cb70d14c711791ee52ee588ee2f9325bb7e7fa3515ba92e26f588566a221a80e
                                                                                                          • Opcode Fuzzy Hash: b8f0a33aed5857d50bc6d4f51472f84c63fc56d9dccdc7a641a98e34b1a5589f
                                                                                                          • Instruction Fuzzy Hash: AE5118B4904298DBDB14CFA4CC41B9EBBB1EF45308F6481A8E50DAB392DB356E85CF54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B84C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002B878
                                                                                                          • lstrlenA.KERNEL32(?), ref: 1002B8C3
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 1002B8DD
                                                                                                          • _wcslen.LIBCMT ref: 1002B901
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharGlobalLockMultiWide_wcslenlstrlen
                                                                                                          • String ID: System
                                                                                                          • API String ID: 4253822919-3470857405
                                                                                                          • Opcode ID: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction ID: 7b5a175680f670ca79b6c2ec9272e95e82f354ff2106dbd97111df154043a3f4
                                                                                                          • Opcode Fuzzy Hash: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction Fuzzy Hash: C8412671D00619DFDB14CFA4DC85AAEBBB9FF04310F64812AE516EB285E770AD85CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100270BC, Relevance: 10.6, APIs: 7, Instructions: 117windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetParent.USER32(?), ref: 100270EF
                                                                                                          • PeekMessageA.USER32(00000024,00000000,00000000,00000000,00000000), ref: 10027113
                                                                                                          • UpdateWindow.USER32(?), ref: 1002712E
                                                                                                          • SendMessageA.USER32 ref: 1002714F
                                                                                                          • SendMessageA.USER32 ref: 10027167
                                                                                                          • UpdateWindow.USER32(?), ref: 100271AA
                                                                                                          • PeekMessageA.USER32(00000024,00000000,00000000,00000000,00000000), ref: 100271DB
                                                                                                            • Part of subcall function 1002A3F0: GetWindowLongA.USER32 ref: 1002A3FB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                          • String ID:
                                                                                                          • API String ID: 2853195852-0
                                                                                                          • Opcode ID: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction ID: e439185c47b7e5e34c348b8e0b3dbe5bb3c4b57b45cec7e657144295835a6737
                                                                                                          • Opcode Fuzzy Hash: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction Fuzzy Hash: 9041C370E00246EBDB11CF69DC84E9FBBF8FF82B81F90815DE949A2150D7719A50DB10
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027676, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LongWindow$MessageSend_memset
                                                                                                          • String ID: ,
                                                                                                          • API String ID: 2997958587-3772416878
                                                                                                          • Opcode ID: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction ID: f848ae84a4977e1a31b52bc52376e27e10e8709ed1b3efe9ee7841c93cdd6a05
                                                                                                          • Opcode Fuzzy Hash: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction Fuzzy Hash: 1431C134600B119FC715DF78E888A6AB7F5FF48350B92056DE58997691DB70E800CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002245E, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10022468
                                                                                                          • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1002254E
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002256B
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002258B
                                                                                                          • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 100225A6
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseEnumH_prolog3_OpenQueryValue
                                                                                                          • String ID: Software\
                                                                                                          • API String ID: 1666054129-964853688
                                                                                                          • Opcode ID: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction ID: 3764a028f082780bf1b34d3e1a3aecc110f1b9c57831791e493d608046546682
                                                                                                          • Opcode Fuzzy Hash: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction Fuzzy Hash: 3C41AC35800128EBCB22DBA0CC81AEEB3B8FF49310F5045D9F249E2191DB34AB958F94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100222E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 100222EA
                                                                                                          • RegOpenKeyA.ADVAPI32(?,?,?), ref: 10022378
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002239B
                                                                                                            • Part of subcall function 1002228B: __EH_prolog3.LIBCMT ref: 10022292
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: EnumH_prolog3H_prolog3_catch_Open
                                                                                                          • String ID: Software\Classes\
                                                                                                          • API String ID: 3518408925-1121929649
                                                                                                          • Opcode ID: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction ID: 704202dc6e21b2fa8b48efa6eea704b7fc6a1643c8ca87a9ade3220d51c06aab
                                                                                                          • Opcode Fuzzy Hash: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction Fuzzy Hash: A1317C36C00068EBDB22EBA4CD44BDDB6B8FB09350F5141D5F999A3252DA306FA49F91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B26C, Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetCapture.USER32 ref: 1002B279
                                                                                                          • SendMessageA.USER32 ref: 1002B294
                                                                                                          • GetFocus.USER32 ref: 1002B2A9
                                                                                                          • SendMessageA.USER32 ref: 1002B2B7
                                                                                                          • GetLastActivePopup.USER32(?), ref: 1002B2E0
                                                                                                          • SendMessageA.USER32 ref: 1002B2ED
                                                                                                            • Part of subcall function 1002881E: GetWindowLongA.USER32 ref: 10028844
                                                                                                            • Part of subcall function 1002881E: GetParent.USER32(?), ref: 10028852
                                                                                                          • SendMessageA.USER32 ref: 1002B313
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$ActiveCaptureFocusLastLongParentPopupWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3338174999-0
                                                                                                          • Opcode ID: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction ID: 3a08670cfc868389e080b955865bcb0f045f405a5b874c30a2897e43bb08e3ed
                                                                                                          • Opcode Fuzzy Hash: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction Fuzzy Hash: 7F1146B590065AFFEB11DFA1DD8AC9E7E7CEF41788B910075F504A2121EB719F04AB20
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AAF8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 1002AB28
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB4B
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB67
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB77
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB81
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreate$Open
                                                                                                          • String ID: software
                                                                                                          • API String ID: 1740278721-2010147023
                                                                                                          • Opcode ID: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction ID: fb36ca9c2f952ecb3db15ddf6cda8d32fba402c4719dfc4725c3bd37d29a496b
                                                                                                          • Opcode Fuzzy Hash: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction Fuzzy Hash: 6B11E672900158FBDB11DB9ADD88CDFBFBDEB8A750B5000AAF504A2122D7319E44DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B00C, Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002B013
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 1002B01D
                                                                                                            • Part of subcall function 100312CD: RaiseException.KERNEL32(?,?,1004B6B4,1004F1B8,?,?,?,100203CA,1004B6B4,1004F1B8,00000000,00000000), ref: 1003130F
                                                                                                          • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002B034
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B041
                                                                                                            • Part of subcall function 10023B23: __CxxThrowException@8.LIBCMT ref: 10023B39
                                                                                                          • _memset.LIBCMT ref: 1002B060
                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 1002B071
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B092
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 356813703-0
                                                                                                          • Opcode ID: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction ID: 36d3102e2cb30bc4552268f57227952f3745dc8c02fd82b3b9104c669509b869
                                                                                                          • Opcode Fuzzy Hash: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction Fuzzy Hash: DC115E74100605AFD725EF64DCC5D2BBBB9FF453107A0C529F969D6522CB30AC24CB94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A948, Relevance: 10.5, APIs: 7, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSysColor.USER32(0000000F), ref: 1002A956
                                                                                                          • GetSysColor.USER32(00000010), ref: 1002A95D
                                                                                                          • GetSysColor.USER32(00000014), ref: 1002A964
                                                                                                          • GetSysColor.USER32(00000012), ref: 1002A96B
                                                                                                          • GetSysColor.USER32(00000006), ref: 1002A972
                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 1002A97F
                                                                                                          • GetSysColorBrush.USER32(00000006), ref: 1002A986
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Color$Brush
                                                                                                          • String ID:
                                                                                                          • API String ID: 2798902688-0
                                                                                                          • Opcode ID: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction ID: 2de359d209fd3f7b37bcce9053ec3ec9da3e309d31870537ed148616a4e248d0
                                                                                                          • Opcode Fuzzy Hash: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction Fuzzy Hash: 0BF0FE719407445BD730BF724E49B47BAD1FFC4710F02092EE2458B990D6B6E441DF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023266, Relevance: 9.1, APIs: 6, Instructions: 136COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002326D
                                                                                                          • GlobalLock.KERNEL32 ref: 10023345
                                                                                                          • CreateDialogIndirectParamA.USER32(?,?,?,10022CA4,00000000), ref: 10023374
                                                                                                          • DestroyWindow.USER32(00000000,?,1000150C,00000000,8D9F250A), ref: 100233EE
                                                                                                          • GlobalUnlock.KERNEL32(?,?,1000150C,00000000,8D9F250A), ref: 100233FE
                                                                                                          • GlobalFree.KERNEL32 ref: 10023407
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CreateDestroyDialogFreeH_prolog3_catchIndirectLockParamUnlockWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3003189058-0
                                                                                                          • Opcode ID: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction ID: 542586d5134ef99c8f61472b69a72313b72e87743f096b2e8f632b75dff3f323
                                                                                                          • Opcode Fuzzy Hash: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction Fuzzy Hash: DD519B31A0024AEFCB04DFA4E9859AEBBB5EF04350F95442DF506E7292CB70AA45CB61
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021E9F, Relevance: 9.1, APIs: 6, Instructions: 69COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetWindowLongA.USER32 ref: 10021ED2
                                                                                                          • GetParent.USER32(00000000), ref: 10021EE0
                                                                                                          • GetParent.USER32(00000000), ref: 10021EF3
                                                                                                          • GetLastActivePopup.USER32(00000000), ref: 10021F04
                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 10021F18
                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 10021F2B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                          • String ID:
                                                                                                          • API String ID: 670545878-0
                                                                                                          • Opcode ID: 472b318fd5bad27ffdf09f8c34eab2449045ee6e889f529d1c6834af2a2317c9
                                                                                                          • Instruction ID: f929a2de190b898985c8684475384bdcb1a7d6cc0d17529594567964d95cf4f5
                                                                                                          • Opcode Fuzzy Hash: 472b318fd5bad27ffdf09f8c34eab2449045ee6e889f529d1c6834af2a2317c9
                                                                                                          • Instruction Fuzzy Hash: 7711E73B5012725BDBA2DA65AD80BDF32D8EFB5AE1F830165EC24E7204D730CD0142D5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037738, Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CreateFrameInfo.LIBCMT ref: 10037760
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003043E
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003044C
                                                                                                          • __getptd.LIBCMT ref: 1003776A
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 10037778
                                                                                                          • __getptd.LIBCMT ref: 10037786
                                                                                                          • __getptd.LIBCMT ref: 10037791
                                                                                                          • _CallCatchBlock2.LIBCMT ref: 100377B7
                                                                                                            • Part of subcall function 100304D5: __CallSettingFrame@12.LIBCMT ref: 10030521
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003787B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                          • String ID:
                                                                                                          • API String ID: 1602911419-0
                                                                                                          • Opcode ID: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction ID: fb1f34f9027f5a0fd6fb665b034cbc12c1ee6665b85233a2d450c333db5c1a8f
                                                                                                          • Opcode Fuzzy Hash: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction Fuzzy Hash: 4F1104B9C04249EFDB01DFA4D945AEE7BB1FF08315F508469F814AB251DB38AA11DF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A8D2, Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                          • String ID:
                                                                                                          • API String ID: 1315500227-0
                                                                                                          • Opcode ID: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction ID: abcb09268cf445b2c35b0e2b56c0cfd5e9caec1888beec0722017402bcd9ce52
                                                                                                          • Opcode Fuzzy Hash: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction Fuzzy Hash: FC018F32500126BBEB219F559D48EAF3BACFF463A1F414165FD15D6060DB30DA829A98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10029F40, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 244COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: @$@$AfxFrameOrView90s$AfxMDIFrame90s
                                                                                                          • API String ID: 2102423945-455206835
                                                                                                          • Opcode ID: 7bcac898d79bec3422349b7028506952ff69134773f17cb7bb074026e0cf6295
                                                                                                          • Instruction ID: fa70bd333b2ddaae6f39455d5bc8e436e1dc58d3be4ecb045c2565641b92f197
                                                                                                          • Opcode Fuzzy Hash: 7bcac898d79bec3422349b7028506952ff69134773f17cb7bb074026e0cf6295
                                                                                                          • Instruction Fuzzy Hash: BD914175C00219ABDB80CFA4D581BDEBBF9EF48384F518065F908E7181EB749B84DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020982, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetMenuCheckMarkDimensions.USER32 ref: 1002099A
                                                                                                          • _memset.LIBCMT ref: 10020A12
                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 10020A75
                                                                                                          • LoadBitmapA.USER32 ref: 10020A8D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271682439-3916222277
                                                                                                          • Opcode ID: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction ID: 8ec26202c106691d72478eed222520a6e30d1cb825b7d1c94e22465ec1c68f9d
                                                                                                          • Opcode Fuzzy Hash: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction Fuzzy Hash: BD312772A003669FFB10CF289CC5B9D7BB5FB44340F9540AAF549EB182DA709E848B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10025110, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10025150
                                                                                                          • GetSystemMetrics.USER32 ref: 10025168
                                                                                                          • GetSystemMetrics.USER32 ref: 1002516F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: System$Metrics$InfoParameters
                                                                                                          • String ID: B$DISPLAY
                                                                                                          • API String ID: 3136151823-3316187204
                                                                                                          • Opcode ID: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction ID: b60a64a5d5410e3ad8fe5a59109b18ab5d44eebb328e5d1eff8611f1e2dd37b9
                                                                                                          • Opcode Fuzzy Hash: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction Fuzzy Hash: 4511E771901334AFEB52DF64DC85B9B7BA8EF45791F414061FD0AAE006D672D910CBE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10022E4B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Edit
                                                                                                          • API String ID: 0-554135844
                                                                                                          • Opcode ID: ae77f75da73c1987e0fa940b5ef14957e5d7f7bc95fc6b37df26c4b3c60db9f7
                                                                                                          • Instruction ID: d6f5fafa54f95e57ce7326ac47ec6df47115e019fe7e1f47642f1b857b3d0bbf
                                                                                                          • Opcode Fuzzy Hash: ae77f75da73c1987e0fa940b5ef14957e5d7f7bc95fc6b37df26c4b3c60db9f7
                                                                                                          • Instruction Fuzzy Hash: 4611A131200205BBEE20DAA1AC05F5EB6ECFF46791F930929F956D64B1CF61DC80E564
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037474, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 1003748E
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003749F
                                                                                                          • __getptd.LIBCMT ref: 100374AD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: MOC$csm
                                                                                                          • API String ID: 803148776-1389381023
                                                                                                          • Opcode ID: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction ID: 4aa484bfd58dbd3435781d5c114dead901570b21edfee72e4775129354a6ca63
                                                                                                          • Opcode Fuzzy Hash: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction Fuzzy Hash: 59E012395142448FC322DA64D046B283AE4FB4A216F5A04A1E54C8F223CB38F8809692
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A742, Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 1002A76E
                                                                                                          • _memset.LIBCMT ref: 1002A78B
                                                                                                          • GetWindowTextA.USER32 ref: 1002A7A5
                                                                                                          • lstrcmpA.KERNEL32(00000000,?), ref: 1002A7B7
                                                                                                          • SetWindowTextA.USER32(?,?), ref: 1002A7C3
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 289641511-0
                                                                                                          • Opcode ID: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction ID: 26b6340e82542b1e4468bed3117474a07e50960d7f5f1af9f26f2e201bf88dc7
                                                                                                          • Opcode Fuzzy Hash: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction Fuzzy Hash: 6201C4B6600224ABEB11DB64AEC4BDA77BCEB56750F410062FA05D3141DA709E8487A4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003303D, Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 10033049
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __amsg_exit.LIBCMT ref: 10033069
                                                                                                          • __lock.LIBCMT ref: 10033079
                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 10033096
                                                                                                          • InterlockedIncrement.KERNEL32(04B01600), ref: 100330C1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271482742-0
                                                                                                          • Opcode ID: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction ID: 0569f5a3ac8da4acb0d1a986d046cd977373cb471ce5986ef029c0716cf573c4
                                                                                                          • Opcode Fuzzy Hash: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction Fuzzy Hash: 6701AD35E01B61AFE716DB68889675E77A0FF01BA2F018205F910AF3A1CB347850CBD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043707, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Fputc$H_prolog3_
                                                                                                          • String ID:
                                                                                                          • API String ID: 2569218679-3916222277
                                                                                                          • Opcode ID: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction ID: 327ff4da5823006f03605dc28747a7ba7b3d1cf190d8e7353a19ee1d8cd02c88
                                                                                                          • Opcode Fuzzy Hash: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction Fuzzy Hash: 74515CB6A046489BCB29CBA4C8919DEB7B5EF48310F31D539F552E7291EF70B808CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028683, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 1002ACFB: __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 100286CC
                                                                                                          • FreeLibrary.KERNEL32(?), ref: 100286DC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                          • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                          • API String ID: 3274081130-63838506
                                                                                                          • Opcode ID: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction ID: 005129d9915a41a8e27983cdb1c3ef0c0b08f3353e048253c6f2f10206dc3ba7
                                                                                                          • Opcode Fuzzy Hash: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction Fuzzy Hash: 7D01AD39001A07ABD722DB60FD09B4B3BD4EF04751F90882AFA5AA5462DB70E9509B59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037AE5, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ___BuildCatchObject.LIBCMT ref: 10037AF8
                                                                                                            • Part of subcall function 10037A53: ___BuildCatchObjectHelper.LIBCMT ref: 10037A89
                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 10037B0F
                                                                                                          • ___FrameUnwindToState.LIBCMT ref: 10037B1D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 2163707966-1018135373
                                                                                                          • Opcode ID: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction ID: f623d6fd13c583f27d9dc74078cf60041b57e54907eb0ea25ac4e83ce510980d
                                                                                                          • Opcode Fuzzy Hash: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction Fuzzy Hash: 1301E475001109BFDF239E51CC41EAB7FAAFF08392F108014BD1C19121D736E9A1EBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B6EA, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,1003198E), ref: 1003B6EF
                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003B6FF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                          • Opcode ID: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction ID: 1963b1661ff3506828beccd1ed570aedb4cc9858b4c3caadb466faf93440aec0
                                                                                                          • Opcode Fuzzy Hash: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction Fuzzy Hash: FAF09030D0090DE6EF006BA1AE4A2AF7BB8FB8134AF9204A0E295F0094CF30C074C345
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043F42, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043F49
                                                                                                            • Part of subcall function 1001E9D0: _strlen.LIBCMT ref: 1001E9EF
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043F66
                                                                                                            • Part of subcall function 10043EBB: std::runtime_error::runtime_error.LIBCPMT ref: 10043EC6
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043F74
                                                                                                            • Part of subcall function 100312CD: RaiseException.KERNEL32(?,?,1004B6B4,1004F1B8,?,?,?,100203CA,1004B6B4,1004F1B8,00000000,00000000), ref: 1003130F
                                                                                                          Strings
                                                                                                          • invalid string position, xrefs: 10043F4E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionException@8H_prolog3RaiseThrow_strlenstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
                                                                                                          • String ID: invalid string position
                                                                                                          • API String ID: 843739861-1799206989
                                                                                                          • Opcode ID: 45ad777bced333e79dc8783b5ddc33aee8a57e63d6a6dab2f02a1dc112f26aec
                                                                                                          • Instruction ID: 29482f66c8a5f8716b1ced5184e44cdebd8c398cac92a99365ce02766c2dbf89
                                                                                                          • Opcode Fuzzy Hash: 45ad777bced333e79dc8783b5ddc33aee8a57e63d6a6dab2f02a1dc112f26aec
                                                                                                          • Instruction Fuzzy Hash: 6FD0127580004D9ADB05DBD0CC55EDE7378EB14311F541835B301EA041DF747A49C658
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003190, Relevance: 6.4, APIs: 5, Instructions: 119COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031BF
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031EB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction ID: 4eaf8ab176a3ef0a7f39cefad6a7452b8358f787e5b85b158199dac7f5a3fe15
                                                                                                          • Opcode Fuzzy Hash: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction Fuzzy Hash: D051E770E0415ADFEB05CF98C981AAEB7F5FF48344F2085A9E815AB349D734EA41DB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043370, Relevance: 6.2, APIs: 4, Instructions: 152COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10043377
                                                                                                          • _fgetc.LIBCMT ref: 100434AD
                                                                                                            • Part of subcall function 100432DD: std::_String_base::_Xlen.LIBCPMT ref: 100432F3
                                                                                                          • _memcpy_s.LIBCMT ref: 10043472
                                                                                                          • _ungetc.LIBCMT ref: 100434F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog3_String_base::_Xlen_fgetc_memcpy_s_ungetcstd::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 9762108-0
                                                                                                          • Opcode ID: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction ID: 13a944e20a8a26727cade03676e391ccd69925211a3dd35b2a339be84363c332
                                                                                                          • Opcode Fuzzy Hash: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction Fuzzy Hash: CF515C76A006089FCB15DBB4C8919DEB7B9FF48210F70953AE552E7191EE60F908CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10044EAE, Relevance: 6.1, APIs: 4, Instructions: 137COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __flush.LIBCMT ref: 10044F72
                                                                                                          • __fileno.LIBCMT ref: 10044F92
                                                                                                          • __locking.LIBCMT ref: 10044F99
                                                                                                          • __flsbuf.LIBCMT ref: 10044FC4
                                                                                                            • Part of subcall function 10030D24: __getptd_noexit.LIBCMT ref: 10030D24
                                                                                                            • Part of subcall function 10032DE1: __decode_pointer.LIBCMT ref: 10032DEC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                          • String ID:
                                                                                                          • API String ID: 3240763771-0
                                                                                                          • Opcode ID: 956221b4076386118c712c8f64a0eb647298e6b25e76d36a604d25e1bab44899
                                                                                                          • Instruction ID: f2cbb9fbd7bb741866626b2388375d2bcd999be80ff2815986012e88e7b340f8
                                                                                                          • Opcode Fuzzy Hash: 956221b4076386118c712c8f64a0eb647298e6b25e76d36a604d25e1bab44899
                                                                                                          • Instruction Fuzzy Hash: 48418F35A00605DFDB15CFAA888099EB7F6EF80360F328639E855D7580EB71EE45CB48
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003EEC4, Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003EEF8
                                                                                                          • __isleadbyte_l.LIBCMT ref: 1003EF2C
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,?,?,1004E688,00000000,00000000,00000020), ref: 1003EF5D
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,?,?,1004E688,00000000,00000000,00000020), ref: 1003EFCB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                          • String ID:
                                                                                                          • API String ID: 3058430110-0
                                                                                                          • Opcode ID: 96643137e7721e308861157e0faa2d4bf1abe89a8bc138eb09a9c9d576fa028f
                                                                                                          • Instruction ID: 26013823be584ed4b010159d5efc2338de830fada2216c2f4930337caeab7791
                                                                                                          • Opcode Fuzzy Hash: 96643137e7721e308861157e0faa2d4bf1abe89a8bc138eb09a9c9d576fa028f
                                                                                                          • Instruction Fuzzy Hash: 52318931A002D6EFDB12DF64C880AAA7BE5EF41352F1286A9F4648F1E1D770AD40DB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B564, Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __msize_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1288803200-0
                                                                                                          • Opcode ID: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction ID: c06ad2b89a0fc854e88fd2117b33bcd0e6f9c9f7914c74f6532cfdf5cd9cd5d6
                                                                                                          • Opcode Fuzzy Hash: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction Fuzzy Hash: 9D218231600E249FCB55EF30F8C9A5A77E5EF04790BD18519E8598B256DF34ECA0CB80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100210FF, Relevance: 6.1, APIs: 4, Instructions: 61COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$__cftof
                                                                                                          • String ID:
                                                                                                          • API String ID: 887240167-0
                                                                                                          • Opcode ID: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction ID: 16327421f0b36ea26aeda1f7d289ca1428dc81c908886c4e3e3252d19e74a35c
                                                                                                          • Opcode Fuzzy Hash: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction Fuzzy Hash: 6201C07980024CBB8B11DE899C46CDF7BEDEA88250BB00152FB19C3501DAB1EE20D2A2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023180, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,00000000,00000005), ref: 100231A8
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 100231B0
                                                                                                          • LockResource.KERNEL32(00000000), ref: 100231C2
                                                                                                          • FreeResource.KERNEL32(00000000), ref: 10023210
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction ID: 7117f4333b49b93e9e103224ba76a384f5f6927333c7ffee97ba62033829b48c
                                                                                                          • Opcode Fuzzy Hash: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction Fuzzy Hash: 3D110134500761EFD714CF99D988AAAB7F8FF00399F51C429E84283550D770ED58DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024E13, Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10024E1A
                                                                                                            • Part of subcall function 10020421: _malloc.LIBCMT ref: 1002043F
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10024E50
                                                                                                          • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004DCF4,00000004,1000166C,8007000E), ref: 10024E7B
                                                                                                            • Part of subcall function 10023B77: __cftof.LIBCMT ref: 10023B88
                                                                                                          • LocalFree.KERNEL32(8007000E,8007000E), ref: 10024EA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow__cftof_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1808948168-0
                                                                                                          • Opcode ID: a99d70be1c0dcc840c7ce1049e047e71ac8799dea147b88372324e332874e07f
                                                                                                          • Instruction ID: b82dd79aa3f9a22217a6a5774d94273f1735641f27abfa85c715a235195ff0cc
                                                                                                          • Opcode Fuzzy Hash: a99d70be1c0dcc840c7ce1049e047e71ac8799dea147b88372324e332874e07f
                                                                                                          • Instruction Fuzzy Hash: 2711C6B1604249BFEF01DFA4DC81DAE3BA9FF08350F628529F619CB1A1DB319950CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100217AE, Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 100217B5
                                                                                                            • Part of subcall function 1002299D: __EH_prolog3.LIBCMT ref: 100229A4
                                                                                                          • __strdup.LIBCMT ref: 100217D7
                                                                                                          • GetCurrentThread.KERNEL32 ref: 10021804
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 1002180D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                          • String ID:
                                                                                                          • API String ID: 4206445780-0
                                                                                                          • Opcode ID: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction ID: 63c4b4d8ed515ebd67a2d3fac6e93b486822e3c8ffac095a61f99a1b17b282e6
                                                                                                          • Opcode Fuzzy Hash: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction Fuzzy Hash: EC217DB8801B408EC321DF6A958124AFBF4FFA4600F50891FE5AAC7A22DBB4A441CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10029178, Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$Capture
                                                                                                          • String ID:
                                                                                                          • API String ID: 1665607226-0
                                                                                                          • Opcode ID: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction ID: 9d500238946ec194ad8ffa17e766443115c43433aa0eeb43828134f684b4c91a
                                                                                                          • Opcode Fuzzy Hash: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction Fuzzy Hash: 8A0175713402557BDA205B629CCDF9B3E7AEBCAF50F510478F6089A0A7CAA14800D620
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ABD3, Relevance: 6.1, APIs: 4, Instructions: 56registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 1002AC0E
                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 1002AC17
                                                                                                          • swprintf.LIBCMT ref: 1002AC34
                                                                                                          • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002AC45
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ClosePrivateProfileStringValueWriteswprintf
                                                                                                          • String ID:
                                                                                                          • API String ID: 22681860-0
                                                                                                          • Opcode ID: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction ID: b3e5ac37a67a2c34724f7244494befea3428c85a23c18ad1ae006fcf60cdee60
                                                                                                          • Opcode Fuzzy Hash: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction Fuzzy Hash: C901ED76500218ABDB10DF688D85FAF77ACEB49714F51082AFA01E3141DB74ED0487A8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027E7D, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027E8D
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027ECC
                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 10027EEA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window
                                                                                                          • String ID:
                                                                                                          • API String ID: 2353593579-0
                                                                                                          • Opcode ID: afb69f6388361ddcc73f1cca2ae2c50509cd01f1d16e133e3ebac848732dfc51
                                                                                                          • Instruction ID: 7c1aa0b4fd0438a3880c8a8454d512b9e221987d8156c76486bb18807498cd50
                                                                                                          • Opcode Fuzzy Hash: afb69f6388361ddcc73f1cca2ae2c50509cd01f1d16e133e3ebac848732dfc51
                                                                                                          • Instruction Fuzzy Hash: 8101D33640062ABBDF139FA1AD05E9F3B6AFF492A0F424054FE1851060D736C961EBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B5D6, Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                          • String ID:
                                                                                                          • API String ID: 3016257755-0
                                                                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction ID: 1693f95a625ffde70028128af171decd196e1ba2c6c978d497889c3db2691634
                                                                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction Fuzzy Hash: 85117E3680054ABFCF139E80CC028EE3F62FB09299F548415FF1958032C736D9B1AB81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027839, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetDlgItem.USER32 ref: 10027846
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027859
                                                                                                            • Part of subcall function 10027839: GetWindow.USER32(00000000,00000002), ref: 100278A0
                                                                                                          • GetTopWindow.USER32(?), ref: 10027889
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Item
                                                                                                          • String ID:
                                                                                                          • API String ID: 369458955-0
                                                                                                          • Opcode ID: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction ID: f10d52d962ac960512d7384eec108a680d17f64428226a36a785d2fcb99e30ea
                                                                                                          • Opcode Fuzzy Hash: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction Fuzzy Hash: F301A23618166ABBCB229F51AC08E8F3A99FF417E0F814021FD0C91111DF31D911D6E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A257, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,?,000000F0), ref: 1002A27D
                                                                                                          • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A289
                                                                                                          • LockResource.KERNEL32(00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A296
                                                                                                          • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A2B2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction ID: f3c4c51c49c486de2effa8659e681593a38c79611994fd5387b39b2d60b42ad5
                                                                                                          • Opcode Fuzzy Hash: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction Fuzzy Hash: B5F0C237200316BBD7019FAD9DC4A6B77ADEF866A17524038FE09D3210DE71DD448AB4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001310, Relevance: 6.0, APIs: 4, Instructions: 41networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memsethtonsinet_addrsendto
                                                                                                          • String ID:
                                                                                                          • API String ID: 1158618643-0
                                                                                                          • Opcode ID: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction ID: 60f6b611a07b9dfdfd37c1fffb937be7e3926c5419f3fbf29161148c0f489d21
                                                                                                          • Opcode Fuzzy Hash: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction Fuzzy Hash: 7A015E75900208ABDB00DFA4C986BBF77B8FF48700F504459F90597281E770AA10DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023584, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,8D9F250A), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,8D9F250A), ref: 100235D9
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$ActiveEnable$FreeResource
                                                                                                          • String ID:
                                                                                                          • API String ID: 253586258-0
                                                                                                          • Opcode ID: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction ID: 11aa7c219ea7ea27b38022f450b92876966fee3fb2bcd7a89944b049f6e30275
                                                                                                          • Opcode Fuzzy Hash: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction Fuzzy Hash: 83F01934900B28CBDF12EF64D9855AD77B1FF88B02B900425E446B2161CB326E80CA65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100337CF, Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 100337DB
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 100337F2
                                                                                                          • __amsg_exit.LIBCMT ref: 10033800
                                                                                                          • __lock.LIBCMT ref: 10033810
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 3521780317-0
                                                                                                          • Opcode ID: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction ID: dae39449bd8c003bde3e62b30ea038717af1cc855304bc2085dea34c93cae8e5
                                                                                                          • Opcode Fuzzy Hash: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction Fuzzy Hash: 72F06D7E909700AFE362DB74844674A37E0EF00762F118619B4419F3A1CF34B900CA91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002173A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10021762
                                                                                                          • PathFindExtensionA.SHLWAPI(?), ref: 10021778
                                                                                                            • Part of subcall function 100214CB: __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                            • Part of subcall function 100214CB: GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                            • Part of subcall function 100214CB: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3_HandlePath
                                                                                                          • String ID: %s%s.dll
                                                                                                          • API String ID: 1311856149-1649984862
                                                                                                          • Opcode ID: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction ID: cb1c0cb3582a3260588f521687d4e0582820240ed98e8e3d3c47ebba61cd8817
                                                                                                          • Opcode Fuzzy Hash: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction Fuzzy Hash: DA01D1759002289FDB10DB28DD45AEF77FCEB85700F4104A6E505E7150EA70AE04CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003785E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030489
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030499
                                                                                                          • __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003787B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 803148776-1018135373
                                                                                                          • Opcode ID: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction ID: 9bdde97464bd0678537997cb56ba83c365607814a506e3d314dec82bc4d239b5
                                                                                                          • Opcode Fuzzy Hash: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction Fuzzy Hash: 5C014B38841245CECB36CFA0D8446AEB7F6FF08253F51442EE0495EAA1DF30EA81CB51
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002AB0, Relevance: 5.2, APIs: 4, Instructions: 181COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,1000308E,00000000,00000000), ref: 10002B05
                                                                                                          • SetLastError.KERNEL32(0000007E), ref: 10002B47
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 4100373531-0
                                                                                                          • Opcode ID: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction ID: 796d6741741126c51599b2b906ad2ab7a2c15db3fbae67425d52538266fc70d6
                                                                                                          • Opcode Fuzzy Hash: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction Fuzzy Hash: C38182B4A00209DFEB04CF94C981A9EB7B1FF88354F248559E819AB355D735EE82CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A6AB, Relevance: 5.0, APIs: 4, Instructions: 38COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                          • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                          • LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3253506028-0
                                                                                                          • Opcode ID: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction ID: 3062035623b9543bfb964b4a27d18fc4dd6f5ea10993a44c93a1de297aa0e807
                                                                                                          • Opcode Fuzzy Hash: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction Fuzzy Hash: 48F09672900355AFEB009F68DCCCB09B7AAFBD6261FDB0017F14486122DF3499C5CAA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AC8F, Relevance: 5.0, APIs: 4, Instructions: 35COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002AC9D
                                                                                                          • TlsGetValue.KERNEL32(100863C0,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACB1
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACC7
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACD2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.669967746.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.669963082.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670033398.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670042113.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670046742.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670097373.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670101405.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670106488.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Leave$EnterValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3969253408-0
                                                                                                          • Opcode ID: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction ID: 611a8f73b53b00c56169e9f5a31810a1fff77d91dc8bf1d27f242dc0fd10bd82
                                                                                                          • Opcode Fuzzy Hash: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction Fuzzy Hash: 42F054362005149FD3108F68DDC8C06B7ADFB8A2613664425E805D3221DA30F849EB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Analysis Process: rundll32.exe PID: 6868 Parent PID: 6832 rundll32.exeCOMMON

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:5.2%
                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:452
                                                                                                          Total number of Limit Nodes:17

                                                                                                          Graph

                                                                                                          execution_graph 21113 100036a0 21116 1002e654 21113->21116 21117 1002e707 21116->21117 21127 1002e666 21116->21127 21141 1003654f 6 API calls __decode_pointer 21117->21141 21119 1002e70d 21142 10030d24 67 API calls __getptd_noexit 21119->21142 21124 1002e6c3 RtlAllocateHeap 21124->21127 21125 1002e677 21125->21127 21134 10036507 67 API calls 2 library calls 21125->21134 21135 1003635c 67 API calls 7 library calls 21125->21135 21136 100306e0 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 21125->21136 21127->21124 21127->21125 21128 1002e6f3 21127->21128 21131 1002e6f8 21127->21131 21133 100036c0 21127->21133 21137 1002e605 67 API calls 4 library calls 21127->21137 21138 1003654f 6 API calls __decode_pointer 21127->21138 21139 10030d24 67 API calls __getptd_noexit 21128->21139 21140 10030d24 67 API calls __getptd_noexit 21131->21140 21134->21125 21135->21125 21137->21127 21138->21127 21139->21131 21140->21133 21141->21119 21142->21133 21143 10003440 21144 1000344f 21143->21144 21146 10003454 21143->21146 21149 100033f0 67 API calls _malloc 21144->21149 21147 1002e654 _malloc 67 API calls 21146->21147 21148 10003464 21146->21148 21147->21148 21149->21146 21150 10003160 21153 10002d40 21150->21153 21188 100024a0 21153->21188 21156 10002d83 SetLastError 21180 10002d69 21156->21180 21157 10002d95 21158 100024a0 SetLastError 21157->21158 21159 10002dae 21158->21159 21160 10002dd0 SetLastError 21159->21160 21161 10002de2 21159->21161 21159->21180 21160->21180 21162 10002df1 SetLastError 21161->21162 21163 10002e03 21161->21163 21162->21180 21164 10002e0e SetLastError 21163->21164 21168 10002e20 GetNativeSystemInfo 21163->21168 21164->21180 21166 10002ed4 SetLastError 21166->21180 21167 10002ee6 VirtualAlloc 21169 10002f32 GetProcessHeap HeapAlloc 21167->21169 21170 10002f07 VirtualAlloc 21167->21170 21168->21166 21168->21167 21172 10002f6c 21169->21172 21173 10002f4c VirtualFree SetLastError 21169->21173 21170->21169 21171 10002f23 SetLastError 21170->21171 21171->21180 21174 100024a0 SetLastError 21172->21174 21173->21180 21175 10002fce 21174->21175 21176 10002fdc VirtualAlloc 21175->21176 21186 10002fd2 21175->21186 21177 1000300b 21176->21177 21191 100024d0 21177->21191 21181 1000303f 21181->21186 21201 10002ab0 21181->21201 21185 100030a8 21185->21186 21187 1000310f SetLastError 21185->21187 21186->21180 21220 10003310 VirtualFree VirtualFree GetProcessHeap HeapFree 21186->21220 21187->21186 21189 100024bb 21188->21189 21190 100024af SetLastError 21188->21190 21189->21156 21189->21157 21189->21180 21190->21189 21192 10002500 21191->21192 21193 10002593 21192->21193 21195 1000253c VirtualAlloc 21192->21195 21200 100025b0 21192->21200 21194 100024a0 SetLastError 21193->21194 21198 100025ac 21194->21198 21196 10002560 21195->21196 21197 10002567 21195->21197 21196->21200 21197->21192 21199 100025b4 VirtualAlloc 21198->21199 21198->21200 21199->21200 21200->21181 21202 10002ae9 IsBadReadPtr 21201->21202 21211 10002adf 21201->21211 21204 10002b13 21202->21204 21202->21211 21205 10002b45 SetLastError 21204->21205 21206 10002b59 21204->21206 21204->21211 21205->21211 21221 100023c0 VirtualQuery VirtualFree VirtualAlloc 21206->21221 21208 10002b73 21209 10002b7f SetLastError 21208->21209 21212 10002ba9 21208->21212 21209->21211 21211->21186 21214 100027c0 21211->21214 21212->21211 21213 10002cb9 SetLastError 21212->21213 21213->21211 21215 10002808 21214->21215 21216 10002911 21215->21216 21218 100028ed 21215->21218 21222 10002690 21215->21222 21217 10002690 2 API calls 21216->21217 21217->21218 21218->21185 21220->21180 21221->21208 21223 100026ac 21222->21223 21228 100026a2 21222->21228 21225 10002714 VirtualProtect 21223->21225 21226 100026ba 21223->21226 21225->21228 21227 100026f2 VirtualFree 21226->21227 21226->21228 21227->21228 21228->21215 21229 10024d50 21234 1002b0bb 21229->21234 21231 10024d82 21233 10024d5f 21233->21231 21245 1002acfb 21233->21245 21237 1002b0c7 __EH_prolog3 21234->21237 21236 1002b115 21272 1002ac8f EnterCriticalSection 21236->21272 21237->21236 21253 1002aec4 TlsAlloc 21237->21253 21257 1002adac EnterCriticalSection 21237->21257 21279 10023b5b 78 API calls 3 library calls 21237->21279 21242 1002b13b ~_Task_impl 21242->21233 21243 1002b128 21280 1002af6b 88 API calls 4 library calls 21243->21280 21246 1002ad07 __EH_prolog3_catch 21245->21246 21247 1002ad30 ~_Task_impl 21246->21247 21288 1002a6ab 21246->21288 21247->21233 21249 1002ad16 21250 1002ad23 21249->21250 21298 10024d0b 21249->21298 21301 1002a71d 79 API calls ~_Task_impl 21250->21301 21254 1002aef0 21253->21254 21255 1002aef5 InitializeCriticalSection 21253->21255 21281 10023b23 78 API calls 3 library calls 21254->21281 21255->21237 21262 1002adcf 21257->21262 21258 1002ae8e _memset 21259 1002aea5 LeaveCriticalSection 21258->21259 21259->21237 21260 1002ae08 21282 10023778 21260->21282 21261 1002ae1d GlobalHandle GlobalUnlock 21264 10023778 ctype 80 API calls 21261->21264 21262->21258 21262->21260 21262->21261 21266 1002ae3b GlobalReAlloc 21264->21266 21267 1002ae47 21266->21267 21268 1002ae6e GlobalLock 21267->21268 21269 1002ae52 GlobalHandle GlobalLock 21267->21269 21270 1002ae60 LeaveCriticalSection 21267->21270 21268->21258 21269->21270 21286 10023b23 78 API calls 3 library calls 21270->21286 21273 1002acd1 LeaveCriticalSection 21272->21273 21274 1002acaa 21272->21274 21276 1002acda 21273->21276 21274->21273 21275 1002acaf TlsGetValue 21274->21275 21275->21273 21277 1002acbb 21275->21277 21276->21242 21276->21243 21277->21273 21278 1002acc0 LeaveCriticalSection 21277->21278 21278->21276 21279->21237 21280->21242 21281->21255 21283 1002378d ctype 21282->21283 21284 1002379a GlobalAlloc 21283->21284 21287 10001650 80 API calls ctype 21283->21287 21284->21267 21286->21268 21287->21284 21289 1002a6c0 21288->21289 21290 1002a6bb 21288->21290 21292 1002a6ce 21289->21292 21303 1002a687 InitializeCriticalSection 21289->21303 21302 10023b5b 78 API calls 3 library calls 21290->21302 21294 1002a6e0 EnterCriticalSection 21292->21294 21295 1002a70a EnterCriticalSection 21292->21295 21296 1002a6ff LeaveCriticalSection 21294->21296 21297 1002a6ec InitializeCriticalSection 21294->21297 21295->21249 21296->21295 21297->21296 21304 10024bd0 21298->21304 21300 10024d17 21300->21250 21301->21247 21302->21289 21303->21292 21305 10024bdc __EH_prolog3_catch 21304->21305 21324 1001e8f0 21305->21324 21311 10024c76 21333 1002ac5c 79 API calls ctype 21311->21333 21313 10024c85 21314 10024c97 21313->21314 21334 100248e2 117 API calls 2 library calls 21313->21334 21335 1002ac5c 79 API calls ctype 21314->21335 21317 10024caa 21318 10024cbc 21317->21318 21336 10024b06 117 API calls 2 library calls 21317->21336 21337 1002ac5c 79 API calls ctype 21318->21337 21321 10024cd0 21323 10024ce2 ~_Task_impl 21321->21323 21338 10024b89 117 API calls 2 library calls 21321->21338 21323->21300 21325 1001e8fe 21324->21325 21327 1001e921 21325->21327 21339 10001650 80 API calls ctype 21325->21339 21328 1001ed40 21327->21328 21329 1001ed82 21328->21329 21330 1001ed76 21328->21330 21332 10020421 67 API calls _malloc 21329->21332 21340 1001f370 21330->21340 21332->21311 21333->21313 21334->21314 21335->21317 21336->21318 21337->21321 21338->21323 21339->21325 21341 1001f38f 21340->21341 21342 1001f3ab 21341->21342 21345 1001f3b9 21341->21345 21347 1001fb60 21342->21347 21344 1001f3b7 21344->21329 21345->21344 21355 1001fc30 80 API calls 21345->21355 21348 1001fb8e 21347->21348 21356 100236ce 21348->21356 21351 1001fbb1 21361 1002e804 68 API calls 3 library calls 21351->21361 21353 1001fbeb 21353->21344 21355->21344 21357 100236e2 21356->21357 21358 1001fba3 21356->21358 21359 1002e654 _malloc 67 API calls 21357->21359 21358->21351 21360 1001fb50 80 API calls ctype 21358->21360 21359->21358 21360->21351 21361->21353 21362 1002eaac 21363 1002eab7 21362->21363 21364 1002eabc 21362->21364 21380 1003732f GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 21363->21380 21368 1002e9b6 21364->21368 21367 1002eaca 21370 1002e9c2 _fseek 21368->21370 21369 1002ea0f 21378 1002ea5f _fseek 21369->21378 21428 10008080 21369->21428 21370->21369 21370->21378 21381 1002e881 21370->21381 21378->21367 21380->21364 21382 1002e890 21381->21382 21383 1002e90c 21381->21383 21433 10035645 HeapCreate 21382->21433 21385 1002e943 21383->21385 21390 1002e912 21383->21390 21386 1002e948 21385->21386 21387 1002e9a1 21385->21387 21552 1003459f 8 API calls __decode_pointer 21386->21552 21396 1002e89b 21387->21396 21583 100348b9 79 API calls 2 library calls 21387->21583 21391 1002e92d 21390->21391 21390->21396 21548 10030912 67 API calls _doexit 21390->21548 21391->21396 21549 10036caa 68 API calls ___convertcp 21391->21549 21393 1002e94d 21553 100351f3 21393->21553 21396->21369 21398 1002e8a7 __RTC_Initialize 21401 1002e8ab 21398->21401 21407 1002e8b7 GetCommandLineA 21398->21407 21545 10035675 VirtualFree HeapFree HeapFree HeapDestroy 21401->21545 21402 1002e937 21550 100345d3 70 API calls 2 library calls 21402->21550 21406 1002e93c 21551 10035675 VirtualFree HeapFree HeapFree HeapDestroy 21406->21551 21469 1003702b 21407->21469 21413 1002e8d1 21416 1002e8d5 21413->21416 21511 10036f70 21413->21511 21414 1002e995 21570 1002e577 21414->21570 21415 1002e97e 21569 10034610 67 API calls 5 library calls 21415->21569 21546 100345d3 70 API calls 2 library calls 21416->21546 21421 1002e985 GetCurrentThreadId 21421->21396 21423 1002e8f5 21423->21396 21547 10036caa 68 API calls ___convertcp 21423->21547 21699 1001ffa0 21428->21699 21434 1002e896 21433->21434 21434->21396 21435 10034927 GetModuleHandleW 21434->21435 21436 10034942 21435->21436 21437 1003493b 21435->21437 21439 10034aaa 21436->21439 21440 1003494c GetProcAddress GetProcAddress GetProcAddress GetProcAddress 21436->21440 21584 1003065c Sleep GetModuleHandleW 21437->21584 21600 100345d3 70 API calls 2 library calls 21439->21600 21441 10034995 TlsAlloc 21440->21441 21445 10034aaf 21441->21445 21446 100349e3 TlsSetValue 21441->21446 21443 10034941 21443->21436 21445->21398 21446->21445 21447 100349f4 21446->21447 21585 10030921 7 API calls 4 library calls 21447->21585 21449 100349f9 21586 100344a9 TlsGetValue 21449->21586 21452 100344a9 __encode_pointer 7 API calls 21453 10034a14 21452->21453 21454 100344a9 __encode_pointer 7 API calls 21453->21454 21455 10034a24 21454->21455 21456 100344a9 __encode_pointer 7 API calls 21455->21456 21457 10034a34 21456->21457 21598 100356e9 InitializeCriticalSectionAndSpinCount __ioinit 21457->21598 21459 10034a41 21459->21439 21460 10034524 __decode_pointer 6 API calls 21459->21460 21461 10034a55 21460->21461 21461->21439 21462 100351f3 __calloc_crt 67 API calls 21461->21462 21463 10034a6e 21462->21463 21463->21439 21464 10034524 __decode_pointer 6 API calls 21463->21464 21465 10034a88 21464->21465 21465->21439 21466 10034a8f 21465->21466 21599 10034610 67 API calls 5 library calls 21466->21599 21468 10034a97 GetCurrentThreadId 21468->21445 21470 10037049 GetEnvironmentStringsW 21469->21470 21474 10037068 21469->21474 21471 10037051 21470->21471 21472 1003705d GetLastError 21470->21472 21476 10037093 WideCharToMultiByte 21471->21476 21477 10037084 GetEnvironmentStringsW 21471->21477 21472->21474 21473 10037101 21475 1003710a GetEnvironmentStrings 21473->21475 21478 1002e8c7 21473->21478 21474->21471 21474->21473 21475->21478 21479 1003711a 21475->21479 21482 100370c7 21476->21482 21483 100370f6 FreeEnvironmentStringsW 21476->21483 21477->21476 21477->21478 21496 10036a56 21478->21496 21603 100351ae 67 API calls _malloc 21479->21603 21602 100351ae 67 API calls _malloc 21482->21602 21483->21478 21486 10037134 21489 10037147 21486->21489 21490 1003713b FreeEnvironmentStringsA 21486->21490 21487 100370cd 21487->21483 21488 100370d5 WideCharToMultiByte 21487->21488 21491 100370e7 21488->21491 21495 100370ef 21488->21495 21604 1002db20 __VEC_memcpy 21489->21604 21490->21478 21493 1002e577 ___convertcp 67 API calls 21491->21493 21493->21495 21494 10037151 FreeEnvironmentStringsA 21494->21478 21495->21483 21605 10030e38 21496->21605 21498 10036a62 GetStartupInfoA 21499 100351f3 __calloc_crt 67 API calls 21498->21499 21506 10036a83 21499->21506 21500 10036ca1 _fseek 21500->21413 21501 10036c1e GetStdHandle 21505 10036be8 21501->21505 21502 10036c83 SetHandleCount 21502->21500 21503 100351f3 __calloc_crt 67 API calls 21503->21506 21504 10036c30 GetFileType 21504->21505 21505->21500 21505->21501 21505->21502 21505->21504 21607 100386ab InitializeCriticalSectionAndSpinCount _fseek 21505->21607 21506->21500 21506->21503 21506->21505 21508 10036b6b 21506->21508 21507 10036b94 GetFileType 21507->21508 21508->21500 21508->21505 21508->21507 21606 100386ab InitializeCriticalSectionAndSpinCount _fseek 21508->21606 21512 10036f85 21511->21512 21513 10036f8a GetModuleFileNameA 21511->21513 21614 100334dc 111 API calls __setmbcp 21512->21614 21514 10036fb1 21513->21514 21608 10036dd6 21514->21608 21518 1002e8e1 21518->21423 21524 10036cf8 21518->21524 21519 10036fed 21615 100351ae 67 API calls _malloc 21519->21615 21521 10036ff3 21521->21518 21522 10036dd6 _parse_cmdline 77 API calls 21521->21522 21523 1003700d 21522->21523 21523->21518 21525 10036d01 21524->21525 21528 10036d06 _strlen 21524->21528 21617 100334dc 111 API calls __setmbcp 21525->21617 21526 1002e8ea 21526->21423 21539 1003074b 21526->21539 21528->21526 21529 100351f3 __calloc_crt 67 API calls 21528->21529 21533 10036d3b _strlen 21529->21533 21530 10036d99 21531 1002e577 ___convertcp 67 API calls 21530->21531 21531->21526 21532 100351f3 __calloc_crt 67 API calls 21532->21533 21533->21526 21533->21530 21533->21532 21534 10036dbf 21533->21534 21537 10036d80 21533->21537 21618 1003096f 67 API calls _strcat_s 21533->21618 21535 1002e577 ___convertcp 67 API calls 21534->21535 21535->21526 21537->21533 21619 10032cb9 10 API calls 3 library calls 21537->21619 21540 10030759 __IsNonwritableInCurrentImage 21539->21540 21620 1003817c 21540->21620 21542 10030777 __initterm_e 21544 10030796 __IsNonwritableInCurrentImage __initterm 21542->21544 21624 1002e391 21542->21624 21544->21423 21545->21396 21546->21401 21547->21416 21548->21391 21549->21402 21550->21406 21551->21396 21552->21393 21555 100351fc 21553->21555 21556 1002e959 21555->21556 21557 1003521a Sleep 21555->21557 21677 1003b872 21555->21677 21556->21396 21559 10034524 TlsGetValue 21556->21559 21558 1003522f 21557->21558 21558->21555 21558->21556 21560 1003455d GetModuleHandleW 21559->21560 21561 1003453c 21559->21561 21563 10034578 GetProcAddress 21560->21563 21564 1003456d 21560->21564 21561->21560 21562 10034546 TlsGetValue 21561->21562 21568 10034551 21562->21568 21566 1002e977 21563->21566 21695 1003065c Sleep GetModuleHandleW 21564->21695 21566->21414 21566->21415 21567 10034573 21567->21563 21567->21566 21568->21560 21568->21566 21569->21421 21571 1002e583 _fseek 21570->21571 21572 1002e5c2 21571->21572 21573 1002e5fc _realloc _fseek 21571->21573 21575 10035865 __lock 65 API calls 21571->21575 21572->21573 21574 1002e5d7 RtlFreeHeap 21572->21574 21573->21396 21574->21573 21576 1002e5e9 21574->21576 21577 1002e59a ___sbh_find_block 21575->21577 21698 10030d24 67 API calls __getptd_noexit 21576->21698 21580 1002e5b4 21577->21580 21696 100358c8 VirtualFree VirtualFree HeapFree _memmove_s 21577->21696 21579 1002e5ee GetLastError 21579->21573 21697 1002e5cd LeaveCriticalSection _doexit 21580->21697 21583->21396 21584->21443 21585->21449 21587 100344e2 GetModuleHandleW 21586->21587 21588 100344c1 21586->21588 21589 100344f2 21587->21589 21590 100344fd GetProcAddress 21587->21590 21588->21587 21591 100344cb TlsGetValue 21588->21591 21601 1003065c Sleep GetModuleHandleW 21589->21601 21597 100344da 21590->21597 21596 100344d6 21591->21596 21593 100344f8 21593->21590 21594 10034515 21593->21594 21594->21452 21595 1003450d RtlEncodePointer 21595->21594 21596->21587 21596->21597 21597->21594 21597->21595 21598->21459 21599->21468 21600->21445 21601->21593 21602->21487 21603->21486 21604->21494 21605->21498 21606->21508 21607->21505 21610 10036df5 21608->21610 21612 10036e62 21610->21612 21616 10031907 77 API calls x_ismbbtype_l 21610->21616 21611 10036f60 21611->21518 21611->21519 21612->21611 21613 10031907 77 API calls _parse_cmdline 21612->21613 21613->21612 21614->21513 21615->21521 21616->21610 21617->21528 21618->21533 21619->21537 21621 10038182 21620->21621 21622 100344a9 __encode_pointer 7 API calls 21621->21622 21623 1003819a 21621->21623 21622->21621 21623->21542 21627 1002e355 21624->21627 21626 1002e39e 21626->21544 21628 1002e361 _fseek 21627->21628 21635 100306f8 21628->21635 21634 1002e382 _fseek 21634->21626 21661 10035865 21635->21661 21637 1002e366 21638 1002e26a 21637->21638 21639 10034524 __decode_pointer 6 API calls 21638->21639 21640 1002e27e 21639->21640 21641 10034524 __decode_pointer 6 API calls 21640->21641 21642 1002e28e 21641->21642 21653 1002e311 21642->21653 21670 100317be 68 API calls 5 library calls 21642->21670 21644 1002e2ac 21647 1002e2d6 21644->21647 21648 1002e2c7 21644->21648 21657 1002e2f8 21644->21657 21645 100344a9 __encode_pointer 7 API calls 21646 1002e306 21645->21646 21649 100344a9 __encode_pointer 7 API calls 21646->21649 21651 1002e2d0 21647->21651 21647->21653 21671 1003523f 74 API calls _realloc 21648->21671 21649->21653 21651->21647 21655 1002e2ec 21651->21655 21672 1003523f 74 API calls _realloc 21651->21672 21658 1002e38b 21653->21658 21654 1002e2e6 21654->21653 21654->21655 21656 100344a9 __encode_pointer 7 API calls 21655->21656 21656->21657 21657->21645 21673 10030701 21658->21673 21662 1003587a 21661->21662 21663 1003588d EnterCriticalSection 21661->21663 21668 100357a2 67 API calls 10 library calls 21662->21668 21663->21637 21665 10035880 21665->21663 21669 1003068c 67 API calls 3 library calls 21665->21669 21667 1003588c 21667->21663 21668->21665 21669->21667 21670->21644 21671->21651 21672->21654 21676 1003578b LeaveCriticalSection 21673->21676 21675 1002e390 21675->21634 21676->21675 21678 1003b87e _fseek 21677->21678 21679 1003b896 21678->21679 21682 1003b8b5 _memset 21678->21682 21690 10030d24 67 API calls __getptd_noexit 21679->21690 21681 1003b89b 21691 10032de1 6 API calls 2 library calls 21681->21691 21684 1003b927 RtlAllocateHeap 21682->21684 21686 10035865 __lock 66 API calls 21682->21686 21687 1003b8ab _fseek 21682->21687 21692 10036077 5 API calls 2 library calls 21682->21692 21693 1003b96e LeaveCriticalSection _doexit 21682->21693 21694 1003654f 6 API calls __decode_pointer 21682->21694 21684->21682 21686->21682 21687->21555 21690->21681 21692->21682 21693->21682 21694->21682 21695->21567 21696->21580 21697->21572 21698->21579 21700 1001ffdf _strlen 21699->21700 21714 1001f0b0 21700->21714 21702 10020056 ___DllMainCRTStartup 21705 10020305 21702->21705 21723 10001920 69 API calls 4 library calls 21702->21723 21704 10020326 21719 1001f970 21704->21719 21705->21704 21724 1001f830 69 API calls ___DllMainCRTStartup 21705->21724 21709 10008000 21710 1002e654 _malloc 67 API calls 21709->21710 21711 10008010 21710->21711 21712 1000801c 21711->21712 21713 1002e577 ___convertcp 67 API calls 21711->21713 21713->21712 21725 1001f910 21714->21725 21717 1001f148 21717->21702 21720 1001f995 21719->21720 21721 1000809c 21719->21721 21731 10044028 LeaveCriticalSection std::locale::facet::_Decref 21720->21731 21721->21709 21723->21705 21724->21704 21726 1001f93d 21725->21726 21727 1001f0ed 21725->21727 21730 1004401f EnterCriticalSection std::_Lockit::_Lockit 21726->21730 21727->21717 21729 1001ea80 69 API calls std::ios_base::_Init 21727->21729 21729->21717 21730->21727 21731->21721

                                                                                                          Executed Functions

                                                                                                          Function 10002D40, Relevance: 22.8, APIs: 15, Instructions: 331COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 7 10002d40-10002d67 call 100024a0 10 10002d70-10002d81 7->10 11 10002d69-10002d6b 7->11 13 10002d83-10002d90 SetLastError 10->13 14 10002d95-10002db0 call 100024a0 10->14 12 1000315a-1000315d 11->12 13->12 17 10002db2-10002db4 14->17 18 10002db9-10002dce 14->18 17->12 19 10002dd0-10002ddd SetLastError 18->19 20 10002de2-10002def 18->20 19->12 21 10002df1-10002dfe SetLastError 20->21 22 10002e03-10002e0c 20->22 21->12 23 10002e20-10002e41 22->23 24 10002e0e-10002e1b SetLastError 22->24 25 10002e55-10002e5f 23->25 24->12 26 10002e61-10002e68 25->26 27 10002e97-10002ed2 GetNativeSystemInfo 25->27 30 10002e78-10002e84 26->30 31 10002e6a-10002e76 26->31 28 10002ed4-10002ee1 SetLastError 27->28 29 10002ee6-10002f05 VirtualAlloc 27->29 28->12 33 10002f32-10002f4a GetProcessHeap HeapAlloc 29->33 34 10002f07-10002f21 VirtualAlloc 29->34 32 10002e87-10002e8d 30->32 31->32 35 10002e95 32->35 36 10002e8f-10002e92 32->36 38 10002f6c-10002fd0 call 100024a0 33->38 39 10002f4c-10002f67 VirtualFree SetLastError 33->39 34->33 37 10002f23-10002f2d SetLastError 34->37 35->25 36->35 37->12 43 10002fd2 38->43 44 10002fdc-10003041 VirtualAlloc call 10002320 call 100024d0 38->44 39->12 45 1000314c-10003158 call 10003310 43->45 52 10003043 44->52 53 1000304d-1000305e 44->53 45->12 52->45 54 10003060-10003076 call 100029c0 53->54 55 10003078-1000307b 53->55 57 10003082-10003090 call 10002ab0 54->57 55->57 61 10003092 57->61 62 1000309c-100030aa call 100027c0 57->62 61->45 65 100030b6-100030c4 call 10002940 62->65 66 100030ac 62->66 69 100030c6 65->69 70 100030cd-100030d6 65->70 66->45 69->45 71 100030d8-100030df 70->71 72 1000313d-10003140 70->72 73 100030e1-10003102 71->73 74 1000312a-10003138 71->74 75 10003147-1000314a 72->75 77 10003106-1000310d 73->77 76 1000313b 74->76 75->12 75->45 76->75 78 1000311e-10003128 77->78 79 1000310f-1000311a SetLastError 77->79 78->76 79->45
                                                                                                          APIs
                                                                                                            • Part of subcall function 100024A0: SetLastError.KERNEL32(0000000D,?,?,10002D65,1001DF0A,00000040), ref: 100024B1
                                                                                                          • SetLastError.KERNEL32(000000C1,1001DF0A,00000040), ref: 10002D88
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction ID: 8eda3ac1f8f3e078098bdc719848e1594ce6d4798074e02e4610946cd2a58ef5
                                                                                                          • Opcode Fuzzy Hash: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction Fuzzy Hash: 7CE1E774A00209DFEB05CF94C994AAEB7B6FF8C344F208559E909AB399D770ED42CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ADAC, Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002ADBF
                                                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AE15
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE1E
                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE28
                                                                                                          • GlobalReAlloc.KERNEL32(?,00000000,00002002), ref: 1002AE41
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE53
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE5A
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE63
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE6F
                                                                                                          • _memset.LIBCMT ref: 1002AE89
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002AEB7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 496899490-0
                                                                                                          • Opcode ID: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction ID: 1a22abfe9f33a297b41a0f192d06fc5d98366496c497f4e189800256e1e6bccf
                                                                                                          • Opcode Fuzzy Hash: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction Fuzzy Hash: 1E31AD71600715AFEB21CF68DD89A1BBBF9FF46301B42892DE55AD3661DB30F8818B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002E577, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __lock.LIBCMT ref: 1002E595
                                                                                                            • Part of subcall function 10035865: __mtinitlocknum.LIBCMT ref: 1003587B
                                                                                                            • Part of subcall function 10035865: __amsg_exit.LIBCMT ref: 10035887
                                                                                                            • Part of subcall function 10035865: EnterCriticalSection.KERNEL32(00000000,00000000,?,1003481B,0000000D,1004E828,00000008,10034912,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 1003588F
                                                                                                          • ___sbh_find_block.LIBCMT ref: 1002E5A0
                                                                                                          • ___sbh_free_block.LIBCMT ref: 1002E5AF
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,1004E648,0000000C,10034761,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 1002E5DF
                                                                                                          • GetLastError.KERNEL32(?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880,00000000,00000000,?,1003481B,0000000D), ref: 1002E5F0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                          • String ID:
                                                                                                          • API String ID: 2714421763-0
                                                                                                          • Opcode ID: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction ID: 15e9110145b1e9c1bde58837c3f2254f90dacbefcca8cfa7097211139088966e
                                                                                                          • Opcode Fuzzy Hash: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction Fuzzy Hash: E001A7358567669EEB21DBB1AC0574D3BE4FF01796F900415F404AA4D1DF34AD40CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100036A0, Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 937COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 131 100036a0-100036bb call 1002e654 133 100036c0-100036e5 131->133 135 10003896-100038b1 133->135 136 100036eb-10003891 133->136 138 100038b7-10004a34 135->138 139 10004a39-10004a3d 135->139
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 100036BB
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 501242067-2694261586
                                                                                                          • Opcode ID: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction ID: 8c5fde967666ed0afc5dc7c826d0591e9b318715144b3c37a2536eafdc0580d3
                                                                                                          • Opcode Fuzzy Hash: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction Fuzzy Hash: 8FB21B369120218FE70ADFACDED5F257BA6F794608747B21FC4018737ADE306464CA5A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003440, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 199COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 140 10003440-1000344d 141 10003454-10003462 140->141 142 1000344f call 100033f0 140->142 144 10003464-10003466 141->144 145 1000346b-10003486 141->145 142->141 146 10003699-1000369c 144->146 147 10003495-100034a2 145->147 148 10003488-10003493 145->148 149 100034b1-100034b7 call 1002e654 147->149 150 100034a4-100034af 147->150 148->147 152 100034bc-100034c6 149->152 150->149 153 100034c8-100034ca 152->153 154 100034cf-100034d6 152->154 153->146 155 100034dd-100034e3 154->155 156 10003696 155->156 157 100034e9-100034f5 155->157 156->146 158 100034f7-10003509 157->158 159 1000350b-10003527 157->159 160 1000352a-1000353c 158->160 159->160 161 10003552-1000356d 160->161 162 1000353e-10003550 160->162 163 10003570-10003582 161->163 162->163 164 10003584-10003596 163->164 165 10003598-100035b4 163->165 166 100035b7-100035c9 164->166 165->166 167 100035cb-100035dd 166->167 168 100035df-100035fb 166->168 169 100035fe-10003628 167->169 168->169 170 10003647-1000364f 169->170 171 1000362a-10003644 169->171 172 10003651-1000366b 170->172 173 1000366e-10003676 170->173 171->170 172->173 174 10003691 173->174 175 10003678-1000368e 173->175 174->155 175->174
                                                                                                          APIs
                                                                                                            • Part of subcall function 100033F0: _malloc.LIBCMT ref: 100033F9
                                                                                                          • _malloc.LIBCMT ref: 100034B7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 1579825452-2694261586
                                                                                                          • Opcode ID: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction ID: 6db3f6523064f320fd84e53d4013fc8a18f56f5699846b59c9fd9a4c566afa3d
                                                                                                          • Opcode Fuzzy Hash: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction Fuzzy Hash: B891E770E04649AFDB09CF98C490AAEBBB2FF85345F24C199D915AB359C335AA90CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002690, Relevance: 3.1, APIs: 2, Instructions: 98COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 176 10002690-100026a0 177 100026a2-100026a7 176->177 178 100026ac-100026b8 176->178 179 100027ac-100027af 177->179 180 10002714-10002776 178->180 181 100026ba-100026c5 178->181 184 10002784-100027a1 VirtualProtect 180->184 185 10002778-10002781 180->185 182 100026c7-100026ce 181->182 183 1000270a-1000270f 181->183 186 100026d0-100026de 182->186 187 100026f2-10002704 VirtualFree 182->187 183->179 188 100027a3-100027a5 184->188 189 100027a7 184->189 185->184 186->187 190 100026e0-100026f0 186->190 187->183 188->179 189->179 190->183 190->187
                                                                                                          APIs
                                                                                                          • VirtualFree.KERNELBASE(00000000,?,00004000,?,10002928,00000001,00000000,?,100030A8,?,?,?,?,100030A8,00000000,00000000), ref: 10002704
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 1263568516-0
                                                                                                          • Opcode ID: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction ID: e47a27f64338b3e84d430cb899d867ed3d67d72a97b2c0655aeaec8263a425f7
                                                                                                          • Opcode Fuzzy Hash: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction Fuzzy Hash: 8841B77461410AAFEB48CF58C490BA9B7B2FB88364F14C659EC1A9F355C731EE41CB84
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100024D0, Relevance: 2.6, APIs: 2, Instructions: 115memoryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 191 100024d0-100024fe 192 10002512-1000251e 191->192 193 10002524-1000252b 192->193 194 10002616 192->194 196 10002593-100025ae call 100024a0 193->196 197 1000252d-1000253a 193->197 195 1000261b-1000261e 194->195 206 100025b0-100025b2 196->206 207 100025b4-100025d9 VirtualAlloc 196->207 199 1000253c-1000255e VirtualAlloc 197->199 200 1000258e 197->200 201 10002560-10002562 199->201 202 10002567-1000258b call 100022d0 199->202 200->192 201->195 202->200 206->195 209 100025db-100025dd 207->209 210 100025df-1000260e call 10002320 207->210 209->195 210->194
                                                                                                          APIs
                                                                                                          • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000303F,00000000), ref: 10002551
                                                                                                          • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,1001DF0A,8B118BBC,?,1000303F,00000000,1001DF0A,?), ref: 100025CC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction ID: f227e8c1e280d8d0b8d11f9a2f1445d4c625449e48c39147985fdcb30a9e5b67
                                                                                                          • Opcode Fuzzy Hash: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction Fuzzy Hash: FE51E9B4A0010AEFDB04CF94C990AAEB7F1FF48345F248598E905AB345D370EE91CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024BD0, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10024BD7
                                                                                                            • Part of subcall function 10020421: _malloc.LIBCMT ref: 1002043F
                                                                                                            • Part of subcall function 1002AC5C: LocalAlloc.KERNEL32(00000040,?,?,1002AFE7,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AC66
                                                                                                            • Part of subcall function 100248E2: __EH_prolog3.LIBCMT ref: 100248E9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocH_prolog3H_prolog3_catchLocal_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1104862767-0
                                                                                                          • Opcode ID: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction ID: a1f779584784c66b6c6d6693aa33ee417c0f7bf9ec3ebef889974536428868aa
                                                                                                          • Opcode Fuzzy Hash: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction Fuzzy Hash: 87317AB4A05B40CFD761CF69904125EFBF0FF94700FA08A1EA19A87791CB71A640CB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001FB60, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 246 1001fb60-1001fba1 call 100236ce 248 1001fba3-1001fbaa 246->248 249 1001fbb1-1001fbb7 248->249 250 1001fbac call 1001fb50 248->250 252 1001fbc1-1001fbc4 249->252 253 1001fbb9-1001fbbf 249->253 250->249 254 1001fbc7-1001fc07 call 1002e804 252->254 253->254 257 1001fc09-1001fc19 254->257 258 1001fc1e-1001fc2c 254->258 257->258
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memcpy_s
                                                                                                          • String ID:
                                                                                                          • API String ID: 2001391462-0
                                                                                                          • Opcode ID: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction ID: f5ed4905dd4460340b5ac9a4a0a7973f6bbe06acb99917e18be8531ceafe8f55
                                                                                                          • Opcode Fuzzy Hash: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction Fuzzy Hash: EA3197B4E0060ADFCB04DF98C891AAEB7B1FF88310F148699E915AB355D730AD41CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B0BB, Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 260 1002b0bb-1002b0d3 call 10030535 263 1002b0d5 call 10023b5b 260->263 264 1002b0da-1002b0dd 260->264 263->264 266 1002b115-1002b126 call 1002ac8f 264->266 267 1002b0df-1002b0e7 264->267 276 1002b13b-1002b142 call 1003060d 266->276 277 1002b128-1002b136 call 1002af6b 266->277 269 1002b10a call 1002adac 267->269 270 1002b0e9-1002b108 call 1002aec4 267->270 275 1002b10f-1002b113 269->275 270->263 270->269 275->263 275->266 277->276
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 1002B0C2
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8H_prolog3Throw
                                                                                                          • String ID:
                                                                                                          • API String ID: 3670251406-0
                                                                                                          • Opcode ID: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction ID: c80a5d1f5578f8721dbd374575b215f2d5835d67e27bcfac389e5dd05e3c6f9c
                                                                                                          • Opcode Fuzzy Hash: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction Fuzzy Hash: FE017C386006438BDB26DF64DC6172E76E2EB843A1FA2442EE9518B291EF359D41CB40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10008000, Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 282 10008000-1000801a call 1002e654 285 10008023-10008037 282->285 286 1000801c-10008021 282->286 288 1000804b-10008052 285->288 287 1000807b-1000807e 286->287 289 10008054-1000805c 288->289 290 1000805e-10008062 call 1002e577 288->290 289->288 293 10008067-10008070 290->293 294 10008072-10008074 293->294 295 10008076 293->295 294->287 295->287
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 1000800B
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 501242067-0
                                                                                                          • Opcode ID: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction ID: 9a20b1d8cf5172607ffba420905976db52b7852b2de11c78eab645b8586f80a8
                                                                                                          • Opcode Fuzzy Hash: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction Fuzzy Hash: BD012CB4D08158EBEB00CFA4D85569EBBB4FB00394F108895D9516B305D376AB18DB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100236CE, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 296 100236ce-100236dc 297 100236e2-100236ed call 1002e654 296->297 298 100236de-100236e0 296->298 301 100236f2-100236f5 297->301 299 10023707-1002370a 298->299 301->298 302 100236f7-10023704 301->302 302->299
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1579825452-0
                                                                                                          • Opcode ID: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction ID: 890261fd43258a4c098dfe067f91bb2ba3d5f49a8a728e9457d7994589d2c75f
                                                                                                          • Opcode Fuzzy Hash: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction Fuzzy Hash: 4CE06D766006156BC700CB4AE408A46BBDCDFA13B0F56C466E808CB252CAB1E8048BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ACFB, Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 303 1002acfb-1002ad0d call 10030568 306 1002ad30-1002ad37 call 1003060d 303->306 307 1002ad0f-1002ad1e call 1002a6ab 303->307 312 1002ad20 call 10024d0b 307->312 313 1002ad25-1002ad2b call 1002a71d 307->313 315 1002ad23 312->315 313->306 315->313
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
                                                                                                          • String ID:
                                                                                                          • API String ID: 1641187343-0
                                                                                                          • Opcode ID: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction ID: 3b67d6bb43f4ea54dfbebb57807521158ddd2742ca645746548a7aae3598e2fb
                                                                                                          • Opcode Fuzzy Hash: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction Fuzzy Hash: F3E04F386442069BE760DFA4D846B4DB6E0EF01762FA04628F9D1EB2C2DF70AD80DB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10035645, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 317 10035645-10035667 HeapCreate 318 1003566b-10035674 317->318 319 10035669-1003566a 317->319
                                                                                                          APIs
                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,1002E896,00000001,?,?,?,1002EA0F,?,?,?,1004E6A8,0000000C,1002EACA), ref: 1003565A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 10892065-0
                                                                                                          • Opcode ID: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction ID: 0df5893edc33e170cd9319f6da52f4968d67da800731ff8b92bc7feba6a3d305
                                                                                                          • Opcode Fuzzy Hash: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction Fuzzy Hash: 17D05E329507559EF7029F716C49B223BDCE384A96F048436F80CC61A0E670C6418A04
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 1003C7D2, Relevance: 66.4, APIs: 44, Instructions: 432COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___getlocaleinfo
                                                                                                          • String ID:
                                                                                                          • API String ID: 1937885557-0
                                                                                                          • Opcode ID: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction ID: b04c4d7f6a57d8df90e79b3f21b47685716bac7d418787b81275d3872e324d7c
                                                                                                          • Opcode Fuzzy Hash: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction Fuzzy Hash: 0DE1DDB294060DBEEF12CAE1CC85DFFB7BDFB04744F14096AB255E6041EA71AB059B60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001160, Relevance: 10.6, APIs: 7, Instructions: 71networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WSAStartup.WS2_32(?,?), ref: 10001194
                                                                                                          • _memset.LIBCMT ref: 100011A8
                                                                                                          • htonl.WS2_32(00000000), ref: 100011C1
                                                                                                          • htons.WS2_32(?), ref: 100011D5
                                                                                                          • socket.WS2_32(00000002,00000002,00000000), ref: 100011EB
                                                                                                          • bind.WS2_32(?,?,00000010), ref: 10001210
                                                                                                          • setsockopt.WS2_32(?,0000FFFF,00001006,00000001,00000008), ref: 10001252
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Startup_memsetbindhtonlhtonssetsockoptsocket
                                                                                                          • String ID:
                                                                                                          • API String ID: 1003240404-0
                                                                                                          • Opcode ID: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction ID: 8b71fe392eebb4791ef10e00b80357e65c28fbed0d3ec8f38f9f26760835bea4
                                                                                                          • Opcode Fuzzy Hash: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction Fuzzy Hash: D6317C74A01228AFE760CB54CC85BE9B7B4FF8A714F0041D8E949AB281CB71AD80DF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001DFC0, Relevance: 9.1, APIs: 6, Instructions: 83windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsIconic.USER32 ref: 1001DFE3
                                                                                                            • Part of subcall function 10024266: __EH_prolog3.LIBCMT ref: 1002426D
                                                                                                            • Part of subcall function 10024266: BeginPaint.USER32(?,?,00000004,10022D30,?,00000058,1001E0C9), ref: 10024299
                                                                                                          • SendMessageA.USER32 ref: 1001E031
                                                                                                          • GetSystemMetrics.USER32 ref: 1001E039
                                                                                                          • GetSystemMetrics.USER32 ref: 1001E044
                                                                                                          • GetClientRect.USER32 ref: 1001E05B
                                                                                                          • DrawIcon.USER32 ref: 1001E0AE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$BeginClientDrawH_prolog3IconIconicMessagePaintRectSend
                                                                                                          • String ID:
                                                                                                          • API String ID: 1007970657-0
                                                                                                          • Opcode ID: 3259dfba3eec98d8480867ab092ef1825236dcdbd4a97db3d006f8f0a7e1c205
                                                                                                          • Instruction ID: 44eb2ef316f0b933980e992ec3fa30d6a4f6e9fba2b57c8abd37e2d05c6bd9c1
                                                                                                          • Opcode Fuzzy Hash: 3259dfba3eec98d8480867ab092ef1825236dcdbd4a97db3d006f8f0a7e1c205
                                                                                                          • Instruction Fuzzy Hash: 4A31EA75A00119DFDB24CFA8C985FAEBBB5FB48300F108299E549E7241DA30AE84DF54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002129B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _strcpy_s.LIBCMT ref: 100212CD
                                                                                                            • Part of subcall function 100210FF: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                            • Part of subcall function 100210FF: __cftof.LIBCMT ref: 10023B88
                                                                                                            • Part of subcall function 10030D24: __getptd_noexit.LIBCMT ref: 10030D24
                                                                                                          • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 100212E5
                                                                                                          • __snwprintf_s.LIBCMT ref: 1002131A
                                                                                                          • LoadLibraryA.KERNEL32(?), ref: 10021355
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8InfoLibraryLoadLocaleThrow__cftof__getptd_noexit__snwprintf_s_strcpy_s
                                                                                                          • String ID: LOC
                                                                                                          • API String ID: 1016519223-519433814
                                                                                                          • Opcode ID: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction ID: e5882df6752d869781cd97db702e75e799ef83d3d4dcb43d327d0f518dc3dfd8
                                                                                                          • Opcode Fuzzy Hash: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction Fuzzy Hash: A021063990121CAFDB11EBA0EC46BDD33EEEB05751F9004A1FA04DB491DB70AE45C6A0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002DB0D, Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 10031D3A
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 10031D4F
                                                                                                          • UnhandledExceptionFilter.KERNEL32(10049478), ref: 10031D5A
                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 10031D76
                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 10031D7D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                          • String ID:
                                                                                                          • API String ID: 2579439406-0
                                                                                                          • Opcode ID: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction ID: eb2889493d924e234dee94db6a5018ee6042f58a5b7914c10149dcbc3be7d463
                                                                                                          • Opcode Fuzzy Hash: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction Fuzzy Hash: C8219AB8C01A24DFF742DF68DDC96883BB4FB1C345F52102AE9088B665E7B06985CF15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027958, Relevance: 6.0, APIs: 4, Instructions: 42keyboardwindowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: State$LongMessageSendWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 1063413437-0
                                                                                                          • Opcode ID: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction ID: a80f2be592eaa4d0f51a0e10a6f75c43a55355dd3138243e3a8160c71d5bf3bd
                                                                                                          • Opcode Fuzzy Hash: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction Fuzzy Hash: 0AF0E93A7C035B66EA10E6707C81F950814FF45BD4FC11431BF49EA1D2DFA0C89119B0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028DEC, Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 179COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10028DF6
                                                                                                            • Part of subcall function 1002B0BB: __EH_prolog3.LIBCMT ref: 1002B0C2
                                                                                                          • CallNextHookEx.USER32 ref: 10028E3A
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          • GetClassLongA.USER32 ref: 10028E7E
                                                                                                          • GlobalGetAtomNameA.KERNEL32 ref: 10028EA8
                                                                                                          • SetWindowLongA.USER32 ref: 10028EFD
                                                                                                          • _memset.LIBCMT ref: 10028F47
                                                                                                          • GetClassLongA.USER32 ref: 10028F77
                                                                                                          • GetClassNameA.USER32(?,?,00000100), ref: 10028F98
                                                                                                          • GetWindowLongA.USER32 ref: 10028FBC
                                                                                                          • GetPropA.USER32 ref: 10028FD6
                                                                                                          • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 10028FE1
                                                                                                          • GetPropA.USER32 ref: 10028FE9
                                                                                                          • GlobalAddAtomA.KERNEL32 ref: 10028FF1
                                                                                                          • SetWindowLongA.USER32 ref: 10028FFF
                                                                                                          • CallNextHookEx.USER32 ref: 10029017
                                                                                                          • UnhookWindowsHookEx.USER32(?), ref: 1002902B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                          • String ID: #32768$AfxOldWndProc423$ime
                                                                                                          • API String ID: 867647115-4034971020
                                                                                                          • Opcode ID: 028737d45415cf4fc653e4401d117fb93ecf855678ad16e5d4e8c367e2bfe641
                                                                                                          • Instruction ID: c9f41a1409c6bb8d0fa3b18bb25e3997143979ac063bd30542687b89172f9a1c
                                                                                                          • Opcode Fuzzy Hash: 028737d45415cf4fc653e4401d117fb93ecf855678ad16e5d4e8c367e2bfe641
                                                                                                          • Instruction Fuzzy Hash: 2361027590122AAFDB11DF61DD88B9E7BB8FF093A1F920154F509E6191DB30DE80CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100214CB, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                          • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                          • ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 100215CD
                                                                                                          • EnumResourceLanguagesA.KERNEL32 ref: 100215EA
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 1002161D
                                                                                                          • ConvertDefaultLocale.KERNEL32(00000000), ref: 10021626
                                                                                                          • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          • _memset.LIBCMT ref: 10021689
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressHandleProc$EnumFileH_prolog3_LanguagesNameResource_memset
                                                                                                          • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                          • API String ID: 3537336938-2299501126
                                                                                                          • Opcode ID: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction ID: 3754a4cc769aa270db1ce7901eb040107ed5b3d0b04ae9dca27c5b132e5f9257
                                                                                                          • Opcode Fuzzy Hash: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction Fuzzy Hash: 77515974C002289BCB61DF659C44BEDBAF4EB59300F5002EAE988E3291DB749E81CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024F5B, Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,745F5D80,100250B0,?,?,?,?,?,?,?,10026FEC,00000000,00000002,00000028), ref: 10024F86
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 10024FA2
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 10024FB3
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 10024FC4
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 10024FD5
                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 10024FE6
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 10024FF7
                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10025008
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                          • API String ID: 667068680-68207542
                                                                                                          • Opcode ID: 2c2d105ab76555674e553128ad85fc5a2fe8f9f5109b4f1e6913bbfff899dba8
                                                                                                          • Instruction ID: f18cf552d00ebf4573e19fd52f8b2344fe61d2491b1b7e62cf44cba2888c0d7d
                                                                                                          • Opcode Fuzzy Hash: 2c2d105ab76555674e553128ad85fc5a2fe8f9f5109b4f1e6913bbfff899dba8
                                                                                                          • Instruction Fuzzy Hash: 15213672D10170ABE752EF749DC886D7AF8F64C2827A1083FE302DA12AD7724540DF98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10026EFC, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                          • String ID: (
                                                                                                          • API String ID: 808654186-3887548279
                                                                                                          • Opcode ID: ffd55680436a5d28903850f20e835ec9a2371b9025f3b79a50c4d24cc647ab29
                                                                                                          • Instruction ID: 79398ab63d643b80669917eeb3518c0a7ae9ea55fdc53564aac6bb8538d6af80
                                                                                                          • Opcode Fuzzy Hash: ffd55680436a5d28903850f20e835ec9a2371b9025f3b79a50c4d24cc647ab29
                                                                                                          • Instruction Fuzzy Hash: 08513C72900219AFDB01CBA8EE85AEEBBB9FF48350F554125F909F3251DB30ED458B64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10034610, Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,1004E800,0000000C,1003474B,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 10034622
                                                                                                          • __crt_waiting_on_module_handle.LIBCMT ref: 1003462D
                                                                                                            • Part of subcall function 1003065C: Sleep.KERNEL32(000003E8,00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 10030668
                                                                                                            • Part of subcall function 1003065C: GetModuleHandleW.KERNEL32(00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F,?), ref: 10030671
                                                                                                          • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10034656
                                                                                                          • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 10034666
                                                                                                          • __lock.LIBCMT ref: 10034688
                                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 10034695
                                                                                                          • __lock.LIBCMT ref: 100346A9
                                                                                                          • ___addlocaleref.LIBCMT ref: 100346C7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                          • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                          • API String ID: 1028249917-2843748187
                                                                                                          • Opcode ID: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction ID: 0d6301bb9ab871ffe84231295dfe76788f8a31cd98ef4b571f500b89faff28c9
                                                                                                          • Opcode Fuzzy Hash: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction Fuzzy Hash: 1C11AF79801741AFE711CF79CD42B8ABBF0EF45311F214969E499EB2A0CB74AA40CB59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020C3F, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32), ref: 10020C68
                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 10020C85
                                                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10020C92
                                                                                                          • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10020C9F
                                                                                                          • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 10020CAC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                          • API String ID: 667068680-3617302793
                                                                                                          • Opcode ID: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction ID: 164c5ab3b4a161f1fd64f3c59e5fc8043f34cbc47aed943c162e41eaa6e30758
                                                                                                          • Opcode Fuzzy Hash: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction Fuzzy Hash: 621130F1C002A19BDB11DF99ADC484ABFE9F656240363427FF218D3221EB708854CE17
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043A65, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043A6C
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043A76
                                                                                                          • int.LIBCPMT ref: 10043A8D
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043A96
                                                                                                          • ctype.LIBCPMT ref: 10043AB0
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043AC4
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043AD2
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043AE2
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043AE8
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 2535038987-3145022300
                                                                                                          • Opcode ID: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction ID: 41e516e335ea381e6c6cf3992b6e31462ccd823a1db2d0b16548d00875c41f3f
                                                                                                          • Opcode Fuzzy Hash: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction Fuzzy Hash: 7E01C039D401699BCB02DBA4DC42AEE7375FF84760F724129F110EB1D1DF74AA008799
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043C84, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043C8B
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043C95
                                                                                                          • int.LIBCPMT ref: 10043CAC
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043CB5
                                                                                                          • codecvt.LIBCPMT ref: 10043CCF
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043CE3
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043CF1
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043D01
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043D07
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 577375395-3145022300
                                                                                                          • Opcode ID: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction ID: 1c641b6faa081a6f5f4558330d18bfb7172afe5efef557fc2d9691916cc6be6c
                                                                                                          • Opcode Fuzzy Hash: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction Fuzzy Hash: E701A979D002199BCB06DBA0DC42AAE7375FF84660FB14129F111FB1E1DF74AA008798
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002341C, Relevance: 16.6, APIs: 11, Instructions: 139COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10023423
                                                                                                          • FindResourceA.KERNEL32(?,?,00000005), ref: 10023456
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 1002345E
                                                                                                            • Part of subcall function 100275EC: UnhookWindowsHookEx.USER32(?), ref: 1002761C
                                                                                                          • LockResource.KERNEL32(?,00000024,1000150C,00000000,F6A34367), ref: 1002346F
                                                                                                          • GetDesktopWindow.USER32 ref: 100234A2
                                                                                                          • IsWindowEnabled.USER32(?), ref: 100234B0
                                                                                                          • EnableWindow.USER32(?,00000000), ref: 100234BF
                                                                                                            • Part of subcall function 1002A492: IsWindowEnabled.USER32(?), ref: 1002A49B
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,F6A34367), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,F6A34367), ref: 100235D9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
                                                                                                          • String ID:
                                                                                                          • API String ID: 964565984-0
                                                                                                          • Opcode ID: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction ID: c961092801c59ee9409441e3dbe49a4a333b051d42b2e552560430daa244bbc0
                                                                                                          • Opcode Fuzzy Hash: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction Fuzzy Hash: AA51A034A00B15DFDF11DFA4E9856AEBBF0FF48711F904029E54AA21A1CB719E81CF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028C9F, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$AtomCallGlobalProcProp$DeleteFindH_prolog3_catchLongRectRemove
                                                                                                          • String ID: AfxOldWndProc423
                                                                                                          • API String ID: 2109165785-1060338832
                                                                                                          • Opcode ID: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction ID: ff35111d89a6fae3ee79e979b08ab4de06e021ef9fe06013c3cb9f10e1bb71d8
                                                                                                          • Opcode Fuzzy Hash: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction Fuzzy Hash: FB31843A80111ABBDF02DFA0EE49DBF7BB8FF46341F800519FA05A50A1C7759A14DBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B9A0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetStockObject.GDI32(00000011), ref: 1002B9C8
                                                                                                          • GetStockObject.GDI32(0000000D), ref: 1002B9D0
                                                                                                          • GetObjectA.GDI32(00000000,0000003C,?), ref: 1002B9DD
                                                                                                          • GetDC.USER32(00000000), ref: 1002B9EC
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002BA00
                                                                                                          • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 1002BA0C
                                                                                                          • ReleaseDC.USER32 ref: 1002BA18
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Object$Stock$CapsDeviceRelease
                                                                                                          • String ID: System
                                                                                                          • API String ID: 46613423-3470857405
                                                                                                          • Opcode ID: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction ID: 22c60c461008f25a8b5f8ebf610b65477afa905285395b5dac6d7a6a43a1c48b
                                                                                                          • Opcode Fuzzy Hash: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction Fuzzy Hash: F611C171A01228EBEB10DBA5DD89FAE7BB8FF05781F400015FA05E61C1DB709D01CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001E790, Relevance: 13.6, APIs: 9, Instructions: 105windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$_strlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 3697954797-0
                                                                                                          • Opcode ID: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction ID: 0edfc11e8551d9ebf0957f65f3a3322fb23760369c1f09792b2f79df2d73aaf8
                                                                                                          • Opcode Fuzzy Hash: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction Fuzzy Hash: 22413A74F00306ABE704CF94CD85FAEB7B5FB88B41F208159FA19AB291C670A941DB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AF6B, Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002AF72
                                                                                                          • EnterCriticalSection.KERNEL32(?,00000010,1002B13B,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461), ref: 1002AF83
                                                                                                          • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002AFA1
                                                                                                          • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AFD5
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B041
                                                                                                          • _memset.LIBCMT ref: 1002B060
                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 1002B071
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B092
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 1891723912-0
                                                                                                          • Opcode ID: 26dcec1041afacb20883f8a88d8399bfa0257013ec7d92cf10d39ecfaabb8d94
                                                                                                          • Instruction ID: 31172aa3a9d6c7229b9057958b552749f74c39a7ca69aeefdb4b4ffe67e485c6
                                                                                                          • Opcode Fuzzy Hash: 26dcec1041afacb20883f8a88d8399bfa0257013ec7d92cf10d39ecfaabb8d94
                                                                                                          • Instruction Fuzzy Hash: 2431BCB4400A16EFDB25DF64ECC5C5ABBB4FF05310BA1C529E96A97661CB30AD90CF80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001920, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 119COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10001982
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                          • API String ID: 2005118841-1866435925
                                                                                                          • Opcode ID: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction ID: 1c38ab3b2c14ee1c247bdf225933c46791fcea5bd7c47801f16d03e79e27f587
                                                                                                          • Opcode Fuzzy Hash: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction Fuzzy Hash: 29518A34904688EEDB14DFA0CC85BDDB7B1EF45300F6081ADE5056B285CBB46E85CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021F51, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 10021E9F: GetParent.USER32(00000000), ref: 10021EF3
                                                                                                            • Part of subcall function 10021E9F: GetLastActivePopup.USER32(00000000), ref: 10021F04
                                                                                                            • Part of subcall function 10021E9F: IsWindowEnabled.USER32(00000000), ref: 10021F18
                                                                                                            • Part of subcall function 10021E9F: EnableWindow.USER32(00000000,00000000), ref: 10021F2B
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 10021F9E
                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 10021FB2
                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 10021FBC
                                                                                                          • SendMessageA.USER32 ref: 10021FD4
                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1002204E
                                                                                                          • EnableWindow.USER32(00000000,00000001), ref: 10022093
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                          • String ID: 0
                                                                                                          • API String ID: 1877664794-4108050209
                                                                                                          • Opcode ID: fa47c2bca283c1efa9c57a90baf6965e2cf2faf5ec170df8e895b8240d28c0a6
                                                                                                          • Instruction ID: c7e4dcc29fd9e1fd486e00497d35318e62f13d9d594050e36cf698265b5585c7
                                                                                                          • Opcode Fuzzy Hash: fa47c2bca283c1efa9c57a90baf6965e2cf2faf5ec170df8e895b8240d28c0a6
                                                                                                          • Instruction Fuzzy Hash: 7B41EF75A00228ABEB21CF64DC86BDA77B8FF14750F900599FA58D7281D7B09E80CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002102D, Relevance: 12.1, APIs: 8, Instructions: 66memorystringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002104C
                                                                                                          • lstrcmpA.KERNEL32(?,?), ref: 10021058
                                                                                                          • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 1002106A
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1002108A
                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10021092
                                                                                                          • GlobalLock.KERNEL32 ref: 1002109C
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 100210A9
                                                                                                          • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 100210C1
                                                                                                            • Part of subcall function 1002A801: GlobalFlags.KERNEL32(?), ref: 1002A810
                                                                                                            • Part of subcall function 1002A801: GlobalUnlock.KERNEL32(?,?,?,?,10021A27,?,00000214,1000148F), ref: 1002A822
                                                                                                            • Part of subcall function 1002A801: GlobalFree.KERNEL32 ref: 1002A82D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                          • String ID:
                                                                                                          • API String ID: 168474834-0
                                                                                                          • Opcode ID: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction ID: 1e26f6493bbdf61cc617228eadb58d3a13350607a0778397bdab265459f41c03
                                                                                                          • Opcode Fuzzy Hash: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction Fuzzy Hash: 6E11E079600640BBDB228BA5CD89DAFBAFDFB867407500529F605D2020DA72ED81DB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A98E, Relevance: 12.0, APIs: 8, Instructions: 39COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A99D
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9A4
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9AB
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9B5
                                                                                                          • GetDC.USER32(00000000), ref: 1002A9BF
                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 1002A9D0
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002A9D8
                                                                                                          • ReleaseDC.USER32 ref: 1002A9E0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$CapsDevice$Release
                                                                                                          • String ID:
                                                                                                          • API String ID: 1151147025-0
                                                                                                          • Opcode ID: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction ID: 4b18a5fc2a191a652713761d43d2b2da4b0cc28fbe92607e78cb1662e9ca01b2
                                                                                                          • Opcode Fuzzy Hash: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction Fuzzy Hash: 0CF0F9B1E40724BAF7105F728C89B167EA8FB49761F004456E6199B281DAB599118FD0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001D60, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 136windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _strlen$IconLoad_memset
                                                                                                          • String ID: ^t$127.0.0.1
                                                                                                          • API String ID: 858515944-3506571716
                                                                                                          • Opcode ID: b8f0a33aed5857d50bc6d4f51472f84c63fc56d9dccdc7a641a98e34b1a5589f
                                                                                                          • Instruction ID: cb70d14c711791ee52ee588ee2f9325bb7e7fa3515ba92e26f588566a221a80e
                                                                                                          • Opcode Fuzzy Hash: b8f0a33aed5857d50bc6d4f51472f84c63fc56d9dccdc7a641a98e34b1a5589f
                                                                                                          • Instruction Fuzzy Hash: AE5118B4904298DBDB14CFA4CC41B9EBBB1EF45308F6481A8E50DAB392DB356E85CF54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B84C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002B878
                                                                                                          • lstrlenA.KERNEL32(?), ref: 1002B8C3
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 1002B8DD
                                                                                                          • _wcslen.LIBCMT ref: 1002B901
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharGlobalLockMultiWide_wcslenlstrlen
                                                                                                          • String ID: System
                                                                                                          • API String ID: 4253822919-3470857405
                                                                                                          • Opcode ID: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction ID: 7b5a175680f670ca79b6c2ec9272e95e82f354ff2106dbd97111df154043a3f4
                                                                                                          • Opcode Fuzzy Hash: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction Fuzzy Hash: C8412671D00619DFDB14CFA4DC85AAEBBB9FF04310F64812AE516EB285E770AD85CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100270BC, Relevance: 10.6, APIs: 7, Instructions: 117windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                          • String ID:
                                                                                                          • API String ID: 2853195852-0
                                                                                                          • Opcode ID: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction ID: e439185c47b7e5e34c348b8e0b3dbe5bb3c4b57b45cec7e657144295835a6737
                                                                                                          • Opcode Fuzzy Hash: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction Fuzzy Hash: 9041C370E00246EBDB11CF69DC84E9FBBF8FF82B81F90815DE949A2150D7719A50DB10
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027676, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LongWindow$MessageSend_memset
                                                                                                          • String ID: ,
                                                                                                          • API String ID: 2997958587-3772416878
                                                                                                          • Opcode ID: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction ID: f848ae84a4977e1a31b52bc52376e27e10e8709ed1b3efe9ee7841c93cdd6a05
                                                                                                          • Opcode Fuzzy Hash: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction Fuzzy Hash: 1431C134600B119FC715DF78E888A6AB7F5FF48350B92056DE58997691DB70E800CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002245E, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10022468
                                                                                                          • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1002254E
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002256B
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002258B
                                                                                                          • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 100225A6
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseEnumH_prolog3_OpenQueryValue
                                                                                                          • String ID: Software\
                                                                                                          • API String ID: 1666054129-964853688
                                                                                                          • Opcode ID: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction ID: 3764a028f082780bf1b34d3e1a3aecc110f1b9c57831791e493d608046546682
                                                                                                          • Opcode Fuzzy Hash: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction Fuzzy Hash: 3C41AC35800128EBCB22DBA0CC81AEEB3B8FF49310F5045D9F249E2191DB34AB958F94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100222E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 100222EA
                                                                                                          • RegOpenKeyA.ADVAPI32(?,?,?), ref: 10022378
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002239B
                                                                                                            • Part of subcall function 1002228B: __EH_prolog3.LIBCMT ref: 10022292
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: EnumH_prolog3H_prolog3_catch_Open
                                                                                                          • String ID: Software\Classes\
                                                                                                          • API String ID: 3518408925-1121929649
                                                                                                          • Opcode ID: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction ID: 704202dc6e21b2fa8b48efa6eea704b7fc6a1643c8ca87a9ade3220d51c06aab
                                                                                                          • Opcode Fuzzy Hash: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction Fuzzy Hash: A1317C36C00068EBDB22EBA4CD44BDDB6B8FB09350F5141D5F999A3252DA306FA49F91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B26C, Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetCapture.USER32 ref: 1002B279
                                                                                                          • SendMessageA.USER32 ref: 1002B294
                                                                                                          • GetFocus.USER32 ref: 1002B2A9
                                                                                                          • SendMessageA.USER32 ref: 1002B2B7
                                                                                                          • GetLastActivePopup.USER32(?), ref: 1002B2E0
                                                                                                          • SendMessageA.USER32 ref: 1002B2ED
                                                                                                            • Part of subcall function 1002881E: GetWindowLongA.USER32 ref: 10028844
                                                                                                            • Part of subcall function 1002881E: GetParent.USER32(?), ref: 10028852
                                                                                                          • SendMessageA.USER32 ref: 1002B313
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$ActiveCaptureFocusLastLongParentPopupWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3338174999-0
                                                                                                          • Opcode ID: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction ID: 3a08670cfc868389e080b955865bcb0f045f405a5b874c30a2897e43bb08e3ed
                                                                                                          • Opcode Fuzzy Hash: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction Fuzzy Hash: 7F1146B590065AFFEB11DFA1DD8AC9E7E7CEF41788B910075F504A2121EB719F04AB20
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AAF8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 1002AB28
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB4B
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB67
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB77
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB81
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreate$Open
                                                                                                          • String ID: software
                                                                                                          • API String ID: 1740278721-2010147023
                                                                                                          • Opcode ID: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction ID: fb36ca9c2f952ecb3db15ddf6cda8d32fba402c4719dfc4725c3bd37d29a496b
                                                                                                          • Opcode Fuzzy Hash: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction Fuzzy Hash: 6B11E672900158FBDB11DB9ADD88CDFBFBDEB8A750B5000AAF504A2122D7319E44DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B00C, Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002B013
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 1002B01D
                                                                                                            • Part of subcall function 100312CD: RaiseException.KERNEL32(?,?,1004B6B4,1004F1B8,?,?,?,100203CA,1004B6B4,1004F1B8,00000000,00000000), ref: 1003130F
                                                                                                          • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002B034
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B041
                                                                                                            • Part of subcall function 10023B23: __CxxThrowException@8.LIBCMT ref: 10023B39
                                                                                                          • _memset.LIBCMT ref: 1002B060
                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 1002B071
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B092
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 356813703-0
                                                                                                          • Opcode ID: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction ID: 36d3102e2cb30bc4552268f57227952f3745dc8c02fd82b3b9104c669509b869
                                                                                                          • Opcode Fuzzy Hash: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction Fuzzy Hash: DC115E74100605AFD725EF64DCC5D2BBBB9FF453107A0C529F969D6522CB30AC24CB94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A948, Relevance: 10.5, APIs: 7, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSysColor.USER32(0000000F), ref: 1002A956
                                                                                                          • GetSysColor.USER32(00000010), ref: 1002A95D
                                                                                                          • GetSysColor.USER32(00000014), ref: 1002A964
                                                                                                          • GetSysColor.USER32(00000012), ref: 1002A96B
                                                                                                          • GetSysColor.USER32(00000006), ref: 1002A972
                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 1002A97F
                                                                                                          • GetSysColorBrush.USER32(00000006), ref: 1002A986
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Color$Brush
                                                                                                          • String ID:
                                                                                                          • API String ID: 2798902688-0
                                                                                                          • Opcode ID: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction ID: 2de359d209fd3f7b37bcce9053ec3ec9da3e309d31870537ed148616a4e248d0
                                                                                                          • Opcode Fuzzy Hash: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction Fuzzy Hash: 0BF0FE719407445BD730BF724E49B47BAD1FFC4710F02092EE2458B990D6B6E441DF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023266, Relevance: 9.1, APIs: 6, Instructions: 136COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002326D
                                                                                                          • GlobalLock.KERNEL32 ref: 10023345
                                                                                                          • CreateDialogIndirectParamA.USER32(?,?,?,10022CA4,00000000), ref: 10023374
                                                                                                          • DestroyWindow.USER32(00000000,?,1000150C,00000000,F6A34367), ref: 100233EE
                                                                                                          • GlobalUnlock.KERNEL32(?,?,1000150C,00000000,F6A34367), ref: 100233FE
                                                                                                          • GlobalFree.KERNEL32 ref: 10023407
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CreateDestroyDialogFreeH_prolog3_catchIndirectLockParamUnlockWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3003189058-0
                                                                                                          • Opcode ID: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction ID: 542586d5134ef99c8f61472b69a72313b72e87743f096b2e8f632b75dff3f323
                                                                                                          • Opcode Fuzzy Hash: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction Fuzzy Hash: DD519B31A0024AEFCB04DFA4E9859AEBBB5EF04350F95442DF506E7292CB70AA45CB61
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021E9F, Relevance: 9.1, APIs: 6, Instructions: 69COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetWindowLongA.USER32 ref: 10021ED2
                                                                                                          • GetParent.USER32(00000000), ref: 10021EE0
                                                                                                          • GetParent.USER32(00000000), ref: 10021EF3
                                                                                                          • GetLastActivePopup.USER32(00000000), ref: 10021F04
                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 10021F18
                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 10021F2B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                          • String ID:
                                                                                                          • API String ID: 670545878-0
                                                                                                          • Opcode ID: 472b318fd5bad27ffdf09f8c34eab2449045ee6e889f529d1c6834af2a2317c9
                                                                                                          • Instruction ID: f929a2de190b898985c8684475384bdcb1a7d6cc0d17529594567964d95cf4f5
                                                                                                          • Opcode Fuzzy Hash: 472b318fd5bad27ffdf09f8c34eab2449045ee6e889f529d1c6834af2a2317c9
                                                                                                          • Instruction Fuzzy Hash: 7711E73B5012725BDBA2DA65AD80BDF32D8EFB5AE1F830165EC24E7204D730CD0142D5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037738, Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CreateFrameInfo.LIBCMT ref: 10037760
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003043E
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003044C
                                                                                                          • __getptd.LIBCMT ref: 1003776A
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 10037778
                                                                                                          • __getptd.LIBCMT ref: 10037786
                                                                                                          • __getptd.LIBCMT ref: 10037791
                                                                                                          • _CallCatchBlock2.LIBCMT ref: 100377B7
                                                                                                            • Part of subcall function 100304D5: __CallSettingFrame@12.LIBCMT ref: 10030521
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003787B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                          • String ID:
                                                                                                          • API String ID: 1602911419-0
                                                                                                          • Opcode ID: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction ID: fb1f34f9027f5a0fd6fb665b034cbc12c1ee6665b85233a2d450c333db5c1a8f
                                                                                                          • Opcode Fuzzy Hash: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction Fuzzy Hash: 4F1104B9C04249EFDB01DFA4D945AEE7BB1FF08315F508469F814AB251DB38AA11DF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A8D2, Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                          • String ID:
                                                                                                          • API String ID: 1315500227-0
                                                                                                          • Opcode ID: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction ID: abcb09268cf445b2c35b0e2b56c0cfd5e9caec1888beec0722017402bcd9ce52
                                                                                                          • Opcode Fuzzy Hash: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction Fuzzy Hash: FC018F32500126BBEB219F559D48EAF3BACFF463A1F414165FD15D6060DB30DA829A98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10029F40, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 244COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: @$@$AfxFrameOrView90s$AfxMDIFrame90s
                                                                                                          • API String ID: 2102423945-455206835
                                                                                                          • Opcode ID: 7bcac898d79bec3422349b7028506952ff69134773f17cb7bb074026e0cf6295
                                                                                                          • Instruction ID: fa70bd333b2ddaae6f39455d5bc8e436e1dc58d3be4ecb045c2565641b92f197
                                                                                                          • Opcode Fuzzy Hash: 7bcac898d79bec3422349b7028506952ff69134773f17cb7bb074026e0cf6295
                                                                                                          • Instruction Fuzzy Hash: BD914175C00219ABDB80CFA4D581BDEBBF9EF48384F518065F908E7181EB749B84DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020982, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetMenuCheckMarkDimensions.USER32 ref: 1002099A
                                                                                                          • _memset.LIBCMT ref: 10020A12
                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 10020A75
                                                                                                          • LoadBitmapA.USER32 ref: 10020A8D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271682439-3916222277
                                                                                                          • Opcode ID: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction ID: 8ec26202c106691d72478eed222520a6e30d1cb825b7d1c94e22465ec1c68f9d
                                                                                                          • Opcode Fuzzy Hash: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction Fuzzy Hash: BD312772A003669FFB10CF289CC5B9D7BB5FB44340F9540AAF549EB182DA709E848B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10025110, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10025150
                                                                                                          • GetSystemMetrics.USER32 ref: 10025168
                                                                                                          • GetSystemMetrics.USER32 ref: 1002516F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: System$Metrics$InfoParameters
                                                                                                          • String ID: B$DISPLAY
                                                                                                          • API String ID: 3136151823-3316187204
                                                                                                          • Opcode ID: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction ID: b60a64a5d5410e3ad8fe5a59109b18ab5d44eebb328e5d1eff8611f1e2dd37b9
                                                                                                          • Opcode Fuzzy Hash: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction Fuzzy Hash: 4511E771901334AFEB52DF64DC85B9B7BA8EF45791F414061FD0AAE006D672D910CBE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10022E4B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Edit
                                                                                                          • API String ID: 0-554135844
                                                                                                          • Opcode ID: ae77f75da73c1987e0fa940b5ef14957e5d7f7bc95fc6b37df26c4b3c60db9f7
                                                                                                          • Instruction ID: d6f5fafa54f95e57ce7326ac47ec6df47115e019fe7e1f47642f1b857b3d0bbf
                                                                                                          • Opcode Fuzzy Hash: ae77f75da73c1987e0fa940b5ef14957e5d7f7bc95fc6b37df26c4b3c60db9f7
                                                                                                          • Instruction Fuzzy Hash: 4611A131200205BBEE20DAA1AC05F5EB6ECFF46791F930929F956D64B1CF61DC80E564
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037474, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 1003748E
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003749F
                                                                                                          • __getptd.LIBCMT ref: 100374AD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: MOC$csm
                                                                                                          • API String ID: 803148776-1389381023
                                                                                                          • Opcode ID: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction ID: 4aa484bfd58dbd3435781d5c114dead901570b21edfee72e4775129354a6ca63
                                                                                                          • Opcode Fuzzy Hash: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction Fuzzy Hash: 59E012395142448FC322DA64D046B283AE4FB4A216F5A04A1E54C8F223CB38F8809692
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A742, Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 1002A76E
                                                                                                          • _memset.LIBCMT ref: 1002A78B
                                                                                                          • GetWindowTextA.USER32 ref: 1002A7A5
                                                                                                          • lstrcmpA.KERNEL32(00000000,?), ref: 1002A7B7
                                                                                                          • SetWindowTextA.USER32(?,?), ref: 1002A7C3
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 289641511-0
                                                                                                          • Opcode ID: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction ID: 26b6340e82542b1e4468bed3117474a07e50960d7f5f1af9f26f2e201bf88dc7
                                                                                                          • Opcode Fuzzy Hash: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction Fuzzy Hash: 6201C4B6600224ABEB11DB64AEC4BDA77BCEB56750F410062FA05D3141DA709E8487A4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003303D, Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 10033049
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __amsg_exit.LIBCMT ref: 10033069
                                                                                                          • __lock.LIBCMT ref: 10033079
                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 10033096
                                                                                                          • InterlockedIncrement.KERNEL32(04461628), ref: 100330C1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271482742-0
                                                                                                          • Opcode ID: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction ID: 0569f5a3ac8da4acb0d1a986d046cd977373cb471ce5986ef029c0716cf573c4
                                                                                                          • Opcode Fuzzy Hash: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction Fuzzy Hash: 6701AD35E01B61AFE716DB68889675E77A0FF01BA2F018205F910AF3A1CB347850CBD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043707, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Fputc$H_prolog3_
                                                                                                          • String ID:
                                                                                                          • API String ID: 2569218679-3916222277
                                                                                                          • Opcode ID: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction ID: 327ff4da5823006f03605dc28747a7ba7b3d1cf190d8e7353a19ee1d8cd02c88
                                                                                                          • Opcode Fuzzy Hash: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction Fuzzy Hash: 74515CB6A046489BCB29CBA4C8919DEB7B5EF48310F31D539F552E7291EF70B808CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028683, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 1002ACFB: __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 100286CC
                                                                                                          • FreeLibrary.KERNEL32(?), ref: 100286DC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                          • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                          • API String ID: 3274081130-63838506
                                                                                                          • Opcode ID: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction ID: 005129d9915a41a8e27983cdb1c3ef0c0b08f3353e048253c6f2f10206dc3ba7
                                                                                                          • Opcode Fuzzy Hash: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction Fuzzy Hash: 7D01AD39001A07ABD722DB60FD09B4B3BD4EF04751F90882AFA5AA5462DB70E9509B59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037AE5, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ___BuildCatchObject.LIBCMT ref: 10037AF8
                                                                                                            • Part of subcall function 10037A53: ___BuildCatchObjectHelper.LIBCMT ref: 10037A89
                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 10037B0F
                                                                                                          • ___FrameUnwindToState.LIBCMT ref: 10037B1D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 2163707966-1018135373
                                                                                                          • Opcode ID: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction ID: f623d6fd13c583f27d9dc74078cf60041b57e54907eb0ea25ac4e83ce510980d
                                                                                                          • Opcode Fuzzy Hash: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction Fuzzy Hash: 1301E475001109BFDF239E51CC41EAB7FAAFF08392F108014BD1C19121D736E9A1EBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B6EA, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,1003198E), ref: 1003B6EF
                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003B6FF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                          • Opcode ID: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction ID: 1963b1661ff3506828beccd1ed570aedb4cc9858b4c3caadb466faf93440aec0
                                                                                                          • Opcode Fuzzy Hash: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction Fuzzy Hash: FAF09030D0090DE6EF006BA1AE4A2AF7BB8FB8134AF9204A0E295F0094CF30C074C345
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043F42, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043F49
                                                                                                            • Part of subcall function 1001E9D0: _strlen.LIBCMT ref: 1001E9EF
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043F66
                                                                                                            • Part of subcall function 10043EBB: std::runtime_error::runtime_error.LIBCPMT ref: 10043EC6
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043F74
                                                                                                            • Part of subcall function 100312CD: RaiseException.KERNEL32(?,?,1004B6B4,1004F1B8,?,?,?,100203CA,1004B6B4,1004F1B8,00000000,00000000), ref: 1003130F
                                                                                                          Strings
                                                                                                          • invalid string position, xrefs: 10043F4E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionException@8H_prolog3RaiseThrow_strlenstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
                                                                                                          • String ID: invalid string position
                                                                                                          • API String ID: 843739861-1799206989
                                                                                                          • Opcode ID: 45ad777bced333e79dc8783b5ddc33aee8a57e63d6a6dab2f02a1dc112f26aec
                                                                                                          • Instruction ID: 29482f66c8a5f8716b1ced5184e44cdebd8c398cac92a99365ce02766c2dbf89
                                                                                                          • Opcode Fuzzy Hash: 45ad777bced333e79dc8783b5ddc33aee8a57e63d6a6dab2f02a1dc112f26aec
                                                                                                          • Instruction Fuzzy Hash: 6FD0127580004D9ADB05DBD0CC55EDE7378EB14311F541835B301EA041DF747A49C658
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003190, Relevance: 6.4, APIs: 5, Instructions: 119COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031BF
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031EB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction ID: 4eaf8ab176a3ef0a7f39cefad6a7452b8358f787e5b85b158199dac7f5a3fe15
                                                                                                          • Opcode Fuzzy Hash: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction Fuzzy Hash: D051E770E0415ADFEB05CF98C981AAEB7F5FF48344F2085A9E815AB349D734EA41DB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043370, Relevance: 6.2, APIs: 4, Instructions: 152COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10043377
                                                                                                          • _fgetc.LIBCMT ref: 100434AD
                                                                                                            • Part of subcall function 100432DD: std::_String_base::_Xlen.LIBCPMT ref: 100432F3
                                                                                                          • _memcpy_s.LIBCMT ref: 10043472
                                                                                                          • _ungetc.LIBCMT ref: 100434F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog3_String_base::_Xlen_fgetc_memcpy_s_ungetcstd::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 9762108-0
                                                                                                          • Opcode ID: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction ID: 13a944e20a8a26727cade03676e391ccd69925211a3dd35b2a339be84363c332
                                                                                                          • Opcode Fuzzy Hash: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction Fuzzy Hash: CF515C76A006089FCB15DBB4C8919DEB7B9FF48210F70953AE552E7191EE60F908CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10044EAE, Relevance: 6.1, APIs: 4, Instructions: 137COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __flush.LIBCMT ref: 10044F72
                                                                                                          • __fileno.LIBCMT ref: 10044F92
                                                                                                          • __locking.LIBCMT ref: 10044F99
                                                                                                          • __flsbuf.LIBCMT ref: 10044FC4
                                                                                                            • Part of subcall function 10030D24: __getptd_noexit.LIBCMT ref: 10030D24
                                                                                                            • Part of subcall function 10032DE1: __decode_pointer.LIBCMT ref: 10032DEC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                          • String ID:
                                                                                                          • API String ID: 3240763771-0
                                                                                                          • Opcode ID: 956221b4076386118c712c8f64a0eb647298e6b25e76d36a604d25e1bab44899
                                                                                                          • Instruction ID: f2cbb9fbd7bb741866626b2388375d2bcd999be80ff2815986012e88e7b340f8
                                                                                                          • Opcode Fuzzy Hash: 956221b4076386118c712c8f64a0eb647298e6b25e76d36a604d25e1bab44899
                                                                                                          • Instruction Fuzzy Hash: 48418F35A00605DFDB15CFAA888099EB7F6EF80360F328639E855D7580EB71EE45CB48
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003EEC4, Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003EEF8
                                                                                                          • __isleadbyte_l.LIBCMT ref: 1003EF2C
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,?,?,1004E688,00000000,00000000,00000020), ref: 1003EF5D
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,?,?,1004E688,00000000,00000000,00000020), ref: 1003EFCB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                          • String ID:
                                                                                                          • API String ID: 3058430110-0
                                                                                                          • Opcode ID: 96643137e7721e308861157e0faa2d4bf1abe89a8bc138eb09a9c9d576fa028f
                                                                                                          • Instruction ID: 26013823be584ed4b010159d5efc2338de830fada2216c2f4930337caeab7791
                                                                                                          • Opcode Fuzzy Hash: 96643137e7721e308861157e0faa2d4bf1abe89a8bc138eb09a9c9d576fa028f
                                                                                                          • Instruction Fuzzy Hash: 52318931A002D6EFDB12DF64C880AAA7BE5EF41352F1286A9F4648F1E1D770AD40DB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B564, Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __msize_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1288803200-0
                                                                                                          • Opcode ID: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction ID: c06ad2b89a0fc854e88fd2117b33bcd0e6f9c9f7914c74f6532cfdf5cd9cd5d6
                                                                                                          • Opcode Fuzzy Hash: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction Fuzzy Hash: 9D218231600E249FCB55EF30F8C9A5A77E5EF04790BD18519E8598B256DF34ECA0CB80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100210FF, Relevance: 6.1, APIs: 4, Instructions: 61COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$__cftof
                                                                                                          • String ID:
                                                                                                          • API String ID: 887240167-0
                                                                                                          • Opcode ID: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction ID: 16327421f0b36ea26aeda1f7d289ca1428dc81c908886c4e3e3252d19e74a35c
                                                                                                          • Opcode Fuzzy Hash: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction Fuzzy Hash: 6201C07980024CBB8B11DE899C46CDF7BEDEA88250BB00152FB19C3501DAB1EE20D2A2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023180, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,00000000,00000005), ref: 100231A8
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 100231B0
                                                                                                          • LockResource.KERNEL32(00000000), ref: 100231C2
                                                                                                          • FreeResource.KERNEL32(00000000), ref: 10023210
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction ID: 7117f4333b49b93e9e103224ba76a384f5f6927333c7ffee97ba62033829b48c
                                                                                                          • Opcode Fuzzy Hash: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction Fuzzy Hash: 3D110134500761EFD714CF99D988AAAB7F8FF00399F51C429E84283550D770ED58DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024E13, Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10024E1A
                                                                                                            • Part of subcall function 10020421: _malloc.LIBCMT ref: 1002043F
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10024E50
                                                                                                          • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004DCF4,00000004,1000166C,8007000E), ref: 10024E7B
                                                                                                            • Part of subcall function 10023B77: __cftof.LIBCMT ref: 10023B88
                                                                                                          • LocalFree.KERNEL32(8007000E,8007000E), ref: 10024EA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow__cftof_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1808948168-0
                                                                                                          • Opcode ID: a99d70be1c0dcc840c7ce1049e047e71ac8799dea147b88372324e332874e07f
                                                                                                          • Instruction ID: b82dd79aa3f9a22217a6a5774d94273f1735641f27abfa85c715a235195ff0cc
                                                                                                          • Opcode Fuzzy Hash: a99d70be1c0dcc840c7ce1049e047e71ac8799dea147b88372324e332874e07f
                                                                                                          • Instruction Fuzzy Hash: 2711C6B1604249BFEF01DFA4DC81DAE3BA9FF08350F628529F619CB1A1DB319950CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100217AE, Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 100217B5
                                                                                                            • Part of subcall function 1002299D: __EH_prolog3.LIBCMT ref: 100229A4
                                                                                                          • __strdup.LIBCMT ref: 100217D7
                                                                                                          • GetCurrentThread.KERNEL32 ref: 10021804
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 1002180D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                          • String ID:
                                                                                                          • API String ID: 4206445780-0
                                                                                                          • Opcode ID: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction ID: 63c4b4d8ed515ebd67a2d3fac6e93b486822e3c8ffac095a61f99a1b17b282e6
                                                                                                          • Opcode Fuzzy Hash: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction Fuzzy Hash: EC217DB8801B408EC321DF6A958124AFBF4FFA4600F50891FE5AAC7A22DBB4A441CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10029178, Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$Capture
                                                                                                          • String ID:
                                                                                                          • API String ID: 1665607226-0
                                                                                                          • Opcode ID: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction ID: 9d500238946ec194ad8ffa17e766443115c43433aa0eeb43828134f684b4c91a
                                                                                                          • Opcode Fuzzy Hash: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction Fuzzy Hash: 8A0175713402557BDA205B629CCDF9B3E7AEBCAF50F510478F6089A0A7CAA14800D620
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ABD3, Relevance: 6.1, APIs: 4, Instructions: 56registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 1002AC0E
                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 1002AC17
                                                                                                          • swprintf.LIBCMT ref: 1002AC34
                                                                                                          • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002AC45
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ClosePrivateProfileStringValueWriteswprintf
                                                                                                          • String ID:
                                                                                                          • API String ID: 22681860-0
                                                                                                          • Opcode ID: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction ID: b3e5ac37a67a2c34724f7244494befea3428c85a23c18ad1ae006fcf60cdee60
                                                                                                          • Opcode Fuzzy Hash: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction Fuzzy Hash: C901ED76500218ABDB10DF688D85FAF77ACEB49714F51082AFA01E3141DB74ED0487A8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027E7D, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027E8D
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027ECC
                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 10027EEA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window
                                                                                                          • String ID:
                                                                                                          • API String ID: 2353593579-0
                                                                                                          • Opcode ID: afb69f6388361ddcc73f1cca2ae2c50509cd01f1d16e133e3ebac848732dfc51
                                                                                                          • Instruction ID: 7c1aa0b4fd0438a3880c8a8454d512b9e221987d8156c76486bb18807498cd50
                                                                                                          • Opcode Fuzzy Hash: afb69f6388361ddcc73f1cca2ae2c50509cd01f1d16e133e3ebac848732dfc51
                                                                                                          • Instruction Fuzzy Hash: 8101D33640062ABBDF139FA1AD05E9F3B6AFF492A0F424054FE1851060D736C961EBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B5D6, Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                          • String ID:
                                                                                                          • API String ID: 3016257755-0
                                                                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction ID: 1693f95a625ffde70028128af171decd196e1ba2c6c978d497889c3db2691634
                                                                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction Fuzzy Hash: 85117E3680054ABFCF139E80CC028EE3F62FB09299F548415FF1958032C736D9B1AB81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027839, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetDlgItem.USER32 ref: 10027846
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027859
                                                                                                            • Part of subcall function 10027839: GetWindow.USER32(00000000,00000002), ref: 100278A0
                                                                                                          • GetTopWindow.USER32(?), ref: 10027889
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Item
                                                                                                          • String ID:
                                                                                                          • API String ID: 369458955-0
                                                                                                          • Opcode ID: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction ID: f10d52d962ac960512d7384eec108a680d17f64428226a36a785d2fcb99e30ea
                                                                                                          • Opcode Fuzzy Hash: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction Fuzzy Hash: F301A23618166ABBCB229F51AC08E8F3A99FF417E0F814021FD0C91111DF31D911D6E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A257, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,?,000000F0), ref: 1002A27D
                                                                                                          • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A289
                                                                                                          • LockResource.KERNEL32(00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A296
                                                                                                          • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A2B2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction ID: f3c4c51c49c486de2effa8659e681593a38c79611994fd5387b39b2d60b42ad5
                                                                                                          • Opcode Fuzzy Hash: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction Fuzzy Hash: B5F0C237200316BBD7019FAD9DC4A6B77ADEF866A17524038FE09D3210DE71DD448AB4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001310, Relevance: 6.0, APIs: 4, Instructions: 41networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memsethtonsinet_addrsendto
                                                                                                          • String ID:
                                                                                                          • API String ID: 1158618643-0
                                                                                                          • Opcode ID: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction ID: 60f6b611a07b9dfdfd37c1fffb937be7e3926c5419f3fbf29161148c0f489d21
                                                                                                          • Opcode Fuzzy Hash: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction Fuzzy Hash: 7A015E75900208ABDB00DFA4C986BBF77B8FF48700F504459F90597281E770AA10DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023584, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,F6A34367), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,F6A34367), ref: 100235D9
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$ActiveEnable$FreeResource
                                                                                                          • String ID:
                                                                                                          • API String ID: 253586258-0
                                                                                                          • Opcode ID: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction ID: 11aa7c219ea7ea27b38022f450b92876966fee3fb2bcd7a89944b049f6e30275
                                                                                                          • Opcode Fuzzy Hash: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction Fuzzy Hash: 83F01934900B28CBDF12EF64D9855AD77B1FF88B02B900425E446B2161CB326E80CA65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100337CF, Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 100337DB
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 100337F2
                                                                                                          • __amsg_exit.LIBCMT ref: 10033800
                                                                                                          • __lock.LIBCMT ref: 10033810
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 3521780317-0
                                                                                                          • Opcode ID: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction ID: dae39449bd8c003bde3e62b30ea038717af1cc855304bc2085dea34c93cae8e5
                                                                                                          • Opcode Fuzzy Hash: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction Fuzzy Hash: 72F06D7E909700AFE362DB74844674A37E0EF00762F118619B4419F3A1CF34B900CA91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002173A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10021762
                                                                                                          • PathFindExtensionA.SHLWAPI(?), ref: 10021778
                                                                                                            • Part of subcall function 100214CB: __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                            • Part of subcall function 100214CB: GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                            • Part of subcall function 100214CB: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3_HandlePath
                                                                                                          • String ID: %s%s.dll
                                                                                                          • API String ID: 1311856149-1649984862
                                                                                                          • Opcode ID: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction ID: cb1c0cb3582a3260588f521687d4e0582820240ed98e8e3d3c47ebba61cd8817
                                                                                                          • Opcode Fuzzy Hash: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction Fuzzy Hash: DA01D1759002289FDB10DB28DD45AEF77FCEB85700F4104A6E505E7150EA70AE04CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003785E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030489
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030499
                                                                                                          • __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003787B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 803148776-1018135373
                                                                                                          • Opcode ID: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction ID: 9bdde97464bd0678537997cb56ba83c365607814a506e3d314dec82bc4d239b5
                                                                                                          • Opcode Fuzzy Hash: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction Fuzzy Hash: 5C014B38841245CECB36CFA0D8446AEB7F6FF08253F51442EE0495EAA1DF30EA81CB51
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002AB0, Relevance: 5.2, APIs: 4, Instructions: 181COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,1000308E,00000000,00000000), ref: 10002B05
                                                                                                          • SetLastError.KERNEL32(0000007E), ref: 10002B47
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 4100373531-0
                                                                                                          • Opcode ID: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction ID: 796d6741741126c51599b2b906ad2ab7a2c15db3fbae67425d52538266fc70d6
                                                                                                          • Opcode Fuzzy Hash: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction Fuzzy Hash: C38182B4A00209DFEB04CF94C981A9EB7B1FF88354F248559E819AB355D735EE82CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A6AB, Relevance: 5.0, APIs: 4, Instructions: 38COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                          • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                          • LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3253506028-0
                                                                                                          • Opcode ID: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction ID: 3062035623b9543bfb964b4a27d18fc4dd6f5ea10993a44c93a1de297aa0e807
                                                                                                          • Opcode Fuzzy Hash: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction Fuzzy Hash: 48F09672900355AFEB009F68DCCCB09B7AAFBD6261FDB0017F14486122DF3499C5CAA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AC8F, Relevance: 5.0, APIs: 4, Instructions: 35COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002AC9D
                                                                                                          • TlsGetValue.KERNEL32(100863C0,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACB1
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACC7
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACD2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.670326174.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.670323091.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670352221.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670359232.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670363909.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670388715.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670395758.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.670406865.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Leave$EnterValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3969253408-0
                                                                                                          • Opcode ID: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction ID: 611a8f73b53b00c56169e9f5a31810a1fff77d91dc8bf1d27f242dc0fd10bd82
                                                                                                          • Opcode Fuzzy Hash: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction Fuzzy Hash: 42F054362005149FD3108F68DDC8C06B7ADFB8A2613664425E805D3221DA30F849EB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Analysis Process: rundll32.exe PID: 6916 Parent PID: 6800 rundll32.exeCOMMON

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:13.9%
                                                                                                          Dynamic/Decrypted Code Coverage:97.5%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:1102
                                                                                                          Total number of Limit Nodes:11

                                                                                                          Graph

                                                                                                          execution_graph 4703 10003160 4706 10002d40 4703->4706 4705 10003188 4709 10002d65 4706->4709 4707 10002e97 GetNativeSystemInfo 4708 10002ee6 VirtualAlloc 4707->4708 4717 10002d69 4707->4717 4710 10002f07 VirtualAlloc 4708->4710 4711 10002f32 4708->4711 4709->4707 4709->4717 4710->4711 4710->4717 4712 10002fdc VirtualAlloc 4711->4712 4711->4717 4713 1000300b 4712->4713 4718 100024d0 4713->4718 4715 1000303f 4715->4717 4722 100027c0 4715->4722 4717->4705 4719 10002500 4718->4719 4720 100025b4 VirtualAlloc 4719->4720 4721 10002560 4719->4721 4720->4721 4721->4715 4726 10002808 4722->4726 4723 10002911 4724 10002690 2 API calls 4723->4724 4727 100028ed 4724->4727 4726->4723 4726->4727 4728 10002690 4726->4728 4727->4717 4729 100026ac 4728->4729 4730 100026a2 4728->4730 4731 10002714 VirtualProtect 4729->4731 4732 100026ba 4729->4732 4730->4726 4731->4730 4732->4730 4734 100026f2 VirtualFree 4732->4734 4734->4730 4735 816395 4736 816453 4735->4736 4740 81647e 4735->4740 4741 81efdd 4736->4741 4749 81f548 4741->4749 4744 81f760 4780 8185ff 4744->4780 4745 816466 4745->4740 4754 81d11a 4745->4754 4749->4744 4749->4745 4750 81e1f8 GetPEB RtlAllocateHeap 4749->4750 4753 81fecb GetPEB 4749->4753 4757 82061d 4749->4757 4761 801a34 4749->4761 4765 820db1 4749->4765 4769 822d0a 4749->4769 4773 81fe2a 4749->4773 4777 80c307 4749->4777 4750->4749 4753->4749 4755 80eb52 GetPEB 4754->4755 4756 81d1b1 ExitProcess 4755->4756 4756->4740 4758 820636 4757->4758 4790 80eb52 4758->4790 4762 801a59 4761->4762 4763 80eb52 GetPEB 4762->4763 4764 801aeb 4763->4764 4764->4749 4766 820dcc 4765->4766 4820 81bb96 4766->4820 4770 822d2f 4769->4770 4824 8231aa 4770->4824 4774 81fe3d 4773->4774 4827 80c28c 4774->4827 4778 80eb52 GetPEB 4777->4778 4779 80c39e 4778->4779 4779->4749 4781 818626 4780->4781 4782 81fe2a GetPEB 4781->4782 4783 81878e 4782->4783 4835 822c24 4783->4835 4786 8187d2 4786->4745 4788 8187ec 4789 821538 2 API calls 4788->4789 4789->4786 4791 80ec1b lstrcmpiW 4790->4791 4792 80ebf7 4790->4792 4791->4749 4796 81567b 4792->4796 4794 80ec06 4799 80ec31 4794->4799 4803 80f7f7 GetPEB 4796->4803 4798 81573b 4798->4794 4801 80ec50 4799->4801 4800 80ed2e 4800->4791 4801->4800 4804 807e79 4801->4804 4803->4798 4805 807fa7 4804->4805 4812 80801a 4805->4812 4808 807fe4 4810 808011 4808->4810 4811 80ec31 GetPEB 4808->4811 4810->4800 4811->4810 4813 80802d 4812->4813 4814 80eb52 GetPEB 4813->4814 4815 807fcb 4814->4815 4815->4808 4816 80483c 4815->4816 4817 80484c 4816->4817 4818 80eb52 GetPEB 4817->4818 4819 8048d1 4818->4819 4819->4808 4821 81bbbe 4820->4821 4822 80eb52 GetPEB 4821->4822 4823 81bc5c 4822->4823 4823->4749 4825 80eb52 GetPEB 4824->4825 4826 822d4b 4825->4826 4826->4749 4828 80c2a9 4827->4828 4831 8076e0 4828->4831 4832 8076f8 4831->4832 4833 80eb52 GetPEB 4832->4833 4834 807793 4833->4834 4834->4749 4836 822c57 4835->4836 4837 80eb52 GetPEB 4836->4837 4838 8187c7 4837->4838 4838->4786 4839 821538 4838->4839 4840 821548 4839->4840 4841 80eb52 GetPEB 4840->4841 4842 82160f FindCloseChangeNotification 4841->4842 4842->4788 5994 81a2a5 5995 81a419 5994->5995 5996 81a467 5995->5996 5997 814244 2 API calls 5995->5997 5998 81a434 5997->5998 6002 823560 5998->6002 6001 81fecb GetPEB 6001->5996 6003 82357f 6002->6003 6005 81a44b 6003->6005 6006 81bddd 6003->6006 6005->6001 6007 81bdf6 6006->6007 6008 80eb52 GetPEB 6007->6008 6009 81be7e 6008->6009 6009->6003 6010 8236aa 6020 823bc2 6010->6020 6011 80c5d8 2 API calls 6011->6020 6012 822b09 GetPEB 6012->6020 6013 820db1 GetPEB 6013->6020 6014 823df0 6015 821538 2 API calls 6014->6015 6016 823dee 6015->6016 6017 8109dd GetPEB 6017->6020 6019 8245ca 2 API calls 6019->6020 6020->6011 6020->6012 6020->6013 6020->6014 6020->6016 6020->6017 6020->6019 6021 82061d 2 API calls 6020->6021 6023 81e406 6020->6023 6027 8227bc 6020->6027 6021->6020 6024 81e434 6023->6024 6025 80eb52 GetPEB 6024->6025 6026 81e4c9 6025->6026 6026->6020 6028 8227cf 6027->6028 6029 80eb52 GetPEB 6028->6029 6030 822873 6029->6030 6030->6020 4843 80f1cb 4848 808636 4843->4848 4845 80f26d 4846 81d11a 2 API calls 4845->4846 4847 80f281 4846->4847 4853 809ad5 4848->4853 4849 80a3e5 5098 8127f9 4849->5098 4851 820e63 GetPEB RtlAllocateHeap 4851->4853 4853->4849 4853->4851 4858 80a3c7 4853->4858 4860 80a3c5 4853->4860 4862 813d85 GetPEB RtlAllocateHeap 4853->4862 4879 822b09 GetPEB 4853->4879 4882 81fecb GetPEB 4853->4882 4885 812142 4853->4885 4899 80670b 4853->4899 4907 822699 4853->4907 4911 80de74 4853->4911 4921 822009 4853->4921 4932 814a66 4853->4932 4942 81ad08 4853->4942 4952 80a445 4853->4952 4961 821028 4853->4961 4965 814f74 4853->4965 4973 8077a3 4853->4973 4978 8030e7 4853->4978 4983 81bd13 4853->4983 4987 81d1bc 4853->4987 4997 80bdf9 4853->4997 5000 813eaa 4853->5000 5006 81e955 4853->5006 5017 804b5d 4853->5017 5020 80c6b8 4853->5020 5033 80d14c 4853->5033 5046 81c5d5 4853->5046 5050 81fbde 4853->5050 5055 81c387 4853->5055 5060 81e4e5 4853->5060 5072 819a01 4853->5072 5081 818d3d 4853->5081 5088 8217bd 4858->5088 4860->4845 4862->4853 4879->4853 4882->4853 4894 812628 4885->4894 4887 80c5d8 GetPEB RtlAllocateHeap 4887->4894 4888 8127af 5132 822b09 4888->5132 4891 812793 5128 80f7fe 4891->5128 4894->4887 4894->4888 4894->4891 4895 812791 4894->4895 5112 81e1f8 4894->5112 5116 80738a 4894->5116 5120 818b9e 4894->5120 5124 81fecb 4894->5124 4895->4853 4896 822b09 GetPEB 4896->4895 4903 806a16 4899->4903 4901 820db1 GetPEB 4901->4903 4903->4901 4904 806b43 4903->4904 4906 821538 2 API calls 4903->4906 5154 8245ca 4903->5154 5158 81dbc1 4903->5158 5162 81ca1f 4903->5162 4904->4853 4906->4903 4909 8226b3 4907->4909 4908 81ff58 LoadLibraryW GetPEB RtlAllocateHeap 4908->4909 4909->4908 4910 8227a6 4909->4910 4910->4853 4913 80e069 4911->4913 4912 80e1e6 5181 8054b6 4912->5181 4913->4912 4915 80e1e4 4913->4915 4918 822b09 GetPEB 4913->4918 4920 80c307 GetPEB 4913->4920 5166 818c7d 4913->5166 5170 81e0f2 4913->5170 5174 81f840 4913->5174 4915->4853 4918->4913 4920->4913 5189 80556b 4921->5189 4923 822465 4924 8225bf 4923->4924 4926 81e1f8 GetPEB RtlAllocateHeap 4923->4926 4927 8225bd 4923->4927 4928 822d0a GetPEB 4923->4928 4931 81fecb GetPEB 4923->4931 5206 80dc1b 4923->5206 5209 8244ad 4923->5209 5192 81654a 4924->5192 4926->4923 4927->4853 4928->4923 4931->4923 4934 814ded 4932->4934 4935 801a34 GetPEB 4934->4935 4936 80c5d8 2 API calls 4934->4936 4937 814f23 4934->4937 4938 814f25 4934->4938 5221 81e8b6 4934->5221 5225 8107f4 4934->5225 5232 803046 4934->5232 4935->4934 4936->4934 4937->4853 4940 820db1 GetPEB 4938->4940 4940->4937 4944 81b06a 4942->4944 4943 820db1 GetPEB 4943->4944 4944->4943 4945 81e1f8 2 API calls 4944->4945 4946 81b173 4944->4946 4947 81654a GetPEB 4944->4947 4948 822d0a GetPEB 4944->4948 4949 81b171 4944->4949 4951 81fecb GetPEB 4944->4951 4945->4944 5240 817a0f 4946->5240 4947->4944 4948->4944 4949->4853 4951->4944 4960 80a713 4952->4960 4955 80a84e 4956 803046 GetPEB 4955->4956 4957 80a84c 4956->4957 4957->4853 4958 81e8b6 2 API calls 4958->4960 4959 803046 GetPEB 4959->4960 4960->4955 4960->4957 4960->4958 4960->4959 5258 80ee62 4960->5258 5262 801e9b 4960->5262 4962 821041 4961->4962 4963 80eb52 GetPEB 4962->4963 4964 8210cd 4963->4964 4964->4853 4971 81522f 4965->4971 4968 815328 4968->4853 4969 81e1f8 2 API calls 4969->4971 4970 822d0a GetPEB 4970->4971 4971->4968 4971->4969 4971->4970 4972 81fecb GetPEB 4971->4972 5266 8109dd 4971->5266 5270 81437a 4971->5270 4972->4971 4974 8077cc 4973->4974 4975 80c5d8 2 API calls 4974->4975 4976 807e67 4974->4976 4977 81cad5 GetPEB 4974->4977 4975->4974 4976->4853 4977->4974 4979 8031a7 4978->4979 4981 80325b 4979->4981 5294 82161b 4979->5294 5298 822a36 4979->5298 4981->4853 4984 81bd2c 4983->4984 4985 80eb52 GetPEB 4984->4985 4986 81bdd2 4985->4986 4986->4853 4996 81d202 4987->4996 4989 81fe2a GetPEB 4989->4996 4991 822b09 GetPEB 4991->4996 4993 81d8c2 4993->4853 4996->4989 4996->4991 4996->4993 5302 806b7a 4996->5302 5310 815779 4996->5310 5322 8080c0 4996->5322 5332 812e5d 4996->5332 5350 8167e6 4996->5350 4998 80c5d8 2 API calls 4997->4998 4999 80be8c 4998->4999 4999->4853 5003 814051 5000->5003 5001 81416b 5001->4853 5002 8109dd GetPEB 5002->5003 5003->5001 5003->5002 5502 80dd35 5003->5502 5505 810aba 5003->5505 5008 81edaa 5006->5008 5007 8245ca 2 API calls 5007->5008 5008->5007 5009 81efc1 5008->5009 5011 81e1f8 2 API calls 5008->5011 5012 81efbf 5008->5012 5013 822d0a GetPEB 5008->5013 5015 81ca1f GetPEB 5008->5015 5016 81fecb GetPEB 5008->5016 5543 8244ff 5008->5543 5010 821538 2 API calls 5009->5010 5010->5012 5011->5008 5012->4853 5013->5008 5015->5008 5016->5008 5018 821028 GetPEB 5017->5018 5019 804bf5 5018->5019 5019->4853 5032 80cdac 5020->5032 5021 81e1f8 GetPEB RtlAllocateHeap 5021->5032 5022 8100c5 GetPEB 5022->5032 5024 80cdf0 5547 8053d0 5024->5547 5025 801a34 GetPEB 5025->5032 5028 80d05c 5028->5028 5030 81fecb GetPEB 5030->5032 5032->5021 5032->5022 5032->5024 5032->5025 5032->5028 5032->5030 5551 812cd9 5032->5551 5555 802dea 5032->5555 5559 80f96f 5032->5559 5044 80d807 5033->5044 5034 80da79 5036 803046 GetPEB 5034->5036 5035 801a34 GetPEB 5035->5044 5037 80da77 5036->5037 5037->4853 5038 81e8b6 2 API calls 5038->5044 5040 81e1f8 2 API calls 5040->5044 5042 803046 GetPEB 5042->5044 5043 80f96f GetPEB 5043->5044 5044->5034 5044->5035 5044->5037 5044->5038 5044->5040 5044->5042 5044->5043 5045 81fecb GetPEB 5044->5045 5563 81b257 5044->5563 5576 817c4e 5044->5576 5045->5044 5049 81c7d3 5046->5049 5047 80dc1b GetPEB 5047->5049 5048 81c8ad 5048->4853 5049->5047 5049->5048 5052 81fcf5 5050->5052 5053 81fd44 5052->5053 5054 80c5d8 2 API calls 5052->5054 5592 819df5 5052->5592 5053->4853 5054->5052 5056 80556b GetPEB 5055->5056 5057 81c401 5056->5057 5621 81b19c 5057->5621 5061 81e50b 5060->5061 5062 80c5d8 2 API calls 5061->5062 5068 81e8a9 5061->5068 5625 817d5b 5061->5625 5645 8200ef 5061->5645 5657 80b820 5061->5657 5664 80a871 5061->5664 5685 81ccd9 5061->5685 5693 80238c 5061->5693 5714 81a474 5061->5714 5734 822d53 5061->5734 5062->5061 5068->4853 5077 819a1f 5072->5077 5073 819c42 5075 822b09 GetPEB 5073->5075 5079 819c40 5075->5079 5077->5073 5077->5079 5080 80c5d8 2 API calls 5077->5080 5847 80dca0 5077->5847 5851 823ee9 5077->5851 5861 803271 5077->5861 5079->4853 5080->5077 5087 818f0d 5081->5087 5083 818f1d 5086 810ebc GetPEB 5083->5086 5084 80c5d8 2 API calls 5084->5087 5085 818f3c 5085->4853 5086->5085 5087->5083 5087->5084 5087->5085 5956 8048dd 5087->5956 5097 8217de 5088->5097 5089 821f31 5090 8185ff 2 API calls 5089->5090 5091 821f2f 5090->5091 5091->4860 5092 801a34 GetPEB 5092->5097 5093 81e1f8 GetPEB RtlAllocateHeap 5093->5097 5095 81fecb GetPEB 5095->5097 5096 80f96f GetPEB 5096->5097 5097->5089 5097->5091 5097->5092 5097->5093 5097->5095 5097->5096 5960 80bf5f 5097->5960 5106 812b33 5098->5106 5101 812c60 5103 8109dd GetPEB 5101->5103 5102 81654a GetPEB 5102->5106 5105 812c75 5103->5105 5104 81e1f8 2 API calls 5104->5106 5978 80856e 5105->5978 5106->5101 5106->5102 5106->5104 5108 812c5e 5106->5108 5109 80a445 3 API calls 5106->5109 5110 822d0a GetPEB 5106->5110 5111 81fecb GetPEB 5106->5111 5964 81dc71 5106->5964 5972 801ca1 5106->5972 5108->4860 5109->5106 5110->5106 5111->5106 5113 81e211 5112->5113 5138 80c5d8 5113->5138 5115 81e2da 5115->4894 5115->5115 5117 8073a9 5116->5117 5118 80eb52 GetPEB 5117->5118 5119 80742e 5118->5119 5119->4894 5121 818bc0 5120->5121 5122 80eb52 GetPEB 5121->5122 5123 818c6a 5122->5123 5123->4894 5125 81fee3 5124->5125 5126 822b09 GetPEB 5125->5126 5127 81ff4f 5126->5127 5127->4894 5129 80f814 5128->5129 5130 80eb52 GetPEB 5129->5130 5131 80f892 5130->5131 5131->4895 5133 822b1f 5132->5133 5134 8228eb GetPEB 5133->5134 5135 822bd9 5134->5135 5150 810c2a 5135->5150 5143 8228eb 5138->5143 5142 80c6b1 5142->5115 5144 80eb52 GetPEB 5143->5144 5145 80c69c 5144->5145 5146 81648a 5145->5146 5147 8164a6 5146->5147 5148 80eb52 GetPEB 5147->5148 5149 816539 RtlAllocateHeap 5148->5149 5149->5142 5151 810c42 5150->5151 5152 80eb52 GetPEB 5151->5152 5153 810ce9 5152->5153 5153->4896 5155 8245fd 5154->5155 5156 80eb52 GetPEB 5155->5156 5157 8246a3 CreateFileW 5156->5157 5157->4903 5159 81dbe1 5158->5159 5160 80eb52 GetPEB 5159->5160 5161 81dc5f 5160->5161 5161->4903 5163 81ca35 5162->5163 5164 80eb52 GetPEB 5163->5164 5165 81cac9 5164->5165 5165->4903 5167 818c96 5166->5167 5168 80eb52 GetPEB 5167->5168 5169 818d2f 5168->5169 5169->4913 5171 81e10e 5170->5171 5172 80eb52 GetPEB 5171->5172 5173 81e19c 5172->5173 5173->4913 5175 81f859 5174->5175 5176 81a1c0 GetPEB 5175->5176 5177 81fb47 5175->5177 5178 80c5d8 2 API calls 5175->5178 5179 81fb19 5175->5179 5176->5175 5177->4913 5178->5175 5185 81a1c0 5179->5185 5182 8054c9 5181->5182 5183 80eb52 GetPEB 5182->5183 5184 80555f 5183->5184 5184->4915 5186 81a1f0 5185->5186 5187 80eb52 GetPEB 5186->5187 5188 81a28c 5187->5188 5188->5177 5190 80eb52 GetPEB 5189->5190 5191 8055f6 5190->5191 5191->4923 5193 816564 5192->5193 5194 81fe2a GetPEB 5193->5194 5195 816749 5194->5195 5196 81fe2a GetPEB 5195->5196 5197 816761 5196->5197 5198 81fe2a GetPEB 5197->5198 5199 816774 5198->5199 5213 80e204 5199->5213 5202 80e204 GetPEB 5203 81679e 5202->5203 5217 80e4f8 5203->5217 5207 80eb52 GetPEB 5206->5207 5208 80dc97 5207->5208 5208->4923 5210 8244d8 5209->5210 5211 8231aa GetPEB 5210->5211 5212 8244f7 5211->5212 5212->4923 5214 80e217 5213->5214 5215 80eb52 GetPEB 5214->5215 5216 80e2ae 5215->5216 5216->5202 5218 80e511 5217->5218 5219 80eb52 GetPEB 5218->5219 5220 80e5b5 5219->5220 5220->4927 5222 81e8d0 5221->5222 5223 80eb52 GetPEB 5222->5223 5224 81e946 OpenSCManagerW 5223->5224 5224->4934 5231 8108fe 5225->5231 5226 820db1 GetPEB 5226->5231 5227 8109b5 5227->4934 5228 8109b7 5229 80e204 GetPEB 5228->5229 5229->5227 5231->5226 5231->5227 5231->5228 5236 8100c5 5231->5236 5233 80305c 5232->5233 5234 80eb52 GetPEB 5233->5234 5235 8030db 5234->5235 5235->4934 5237 8100d8 5236->5237 5238 80eb52 GetPEB 5237->5238 5239 810170 5238->5239 5239->5231 5241 817a2c 5240->5241 5242 81e1f8 2 API calls 5241->5242 5243 817bfe 5242->5243 5250 812c9c 5243->5250 5246 81fecb GetPEB 5247 817c2e 5246->5247 5254 80d061 5247->5254 5249 817c45 5249->4949 5251 812cb8 5250->5251 5252 8231aa GetPEB 5251->5252 5253 812cd1 5252->5253 5253->5246 5255 80d07a 5254->5255 5256 80eb52 GetPEB 5255->5256 5257 80d141 DeleteFileW 5256->5257 5257->5249 5259 80ee81 5258->5259 5260 80eb52 GetPEB 5259->5260 5261 80eefb OpenServiceW 5260->5261 5261->4960 5263 801eb4 5262->5263 5264 80eb52 GetPEB 5263->5264 5265 801f2d 5264->5265 5265->4960 5267 8109f3 5266->5267 5268 80eb52 GetPEB 5267->5268 5269 810a85 5268->5269 5269->4971 5271 8143a8 5270->5271 5274 814a52 5271->5274 5276 81e1f8 GetPEB RtlAllocateHeap 5271->5276 5277 814a50 5271->5277 5278 812c9c GetPEB 5271->5278 5279 822d0a GetPEB 5271->5279 5280 81fecb GetPEB 5271->5280 5281 81437a 2 API calls 5271->5281 5282 812da7 5271->5282 5286 820f1e 5271->5286 5290 80bea1 5274->5290 5276->5271 5277->4971 5278->5271 5279->5271 5280->5271 5281->5271 5283 812dbd 5282->5283 5284 80eb52 GetPEB 5283->5284 5285 812e4f 5284->5285 5285->5271 5287 820f37 5286->5287 5288 80eb52 GetPEB 5287->5288 5289 820ff6 5288->5289 5289->5271 5291 80beb1 5290->5291 5292 80eb52 GetPEB 5291->5292 5293 80bf53 5292->5293 5293->5277 5295 821631 5294->5295 5296 80eb52 GetPEB 5295->5296 5297 8216b5 5296->5297 5297->4979 5299 822a49 5298->5299 5300 80eb52 GetPEB 5299->5300 5301 822afe 5300->5301 5301->4979 5305 806b9c 5302->5305 5303 822b09 GetPEB 5303->5305 5305->5303 5306 80706b 5305->5306 5308 80c5d8 2 API calls 5305->5308 5367 8207aa 5305->5367 5372 81c9b0 5305->5372 5376 8246bd 5305->5376 5306->4996 5308->5305 5321 8157ab 5310->5321 5312 822b09 GetPEB 5312->5321 5313 816086 5315 822b09 GetPEB 5313->5315 5314 8057b8 2 API calls 5314->5321 5317 816084 5315->5317 5317->4996 5319 81c9b0 GetPEB 5319->5321 5320 80c5d8 2 API calls 5320->5321 5321->5312 5321->5313 5321->5314 5321->5317 5321->5319 5321->5320 5425 805026 5321->5425 5429 80e7de 5321->5429 5434 80fb8e 5321->5434 5330 8083f1 5322->5330 5323 80854c 5325 822b09 GetPEB 5323->5325 5324 81e1f8 2 API calls 5324->5330 5327 80854a 5325->5327 5327->4996 5328 8231aa GetPEB 5328->5330 5329 80c5d8 2 API calls 5329->5330 5330->5323 5330->5324 5330->5327 5330->5328 5330->5329 5331 81fecb GetPEB 5330->5331 5441 820a64 5330->5441 5331->5330 5335 81393f 5332->5335 5333 814244 2 API calls 5333->5335 5334 80c5d8 GetPEB RtlAllocateHeap 5334->5335 5335->5333 5335->5334 5337 81c9b0 GetPEB 5335->5337 5339 81e1f8 2 API calls 5335->5339 5340 81fecb GetPEB 5335->5340 5341 813d59 5335->5341 5342 813992 5335->5342 5344 8231aa GetPEB 5335->5344 5349 813a00 5335->5349 5454 81e1ac 5335->5454 5337->5335 5338 822b09 GetPEB 5338->5349 5339->5335 5340->5335 5341->5338 5446 814244 5342->5446 5344->5335 5348 81fecb GetPEB 5348->5349 5349->4996 5351 816859 5350->5351 5354 81e1f8 2 API calls 5351->5354 5355 81792e 5351->5355 5358 81e358 GetPEB 5351->5358 5360 817943 5351->5360 5361 822b09 GetPEB 5351->5361 5363 81fecb GetPEB 5351->5363 5365 823e0e GetPEB 5351->5365 5458 80ed66 5351->5458 5462 80dda9 5351->5462 5466 804bfc 5351->5466 5475 8210dc 5351->5475 5479 80ef0c 5351->5479 5482 804a88 5351->5482 5486 81c8cf 5351->5486 5354->5351 5490 81e358 5355->5490 5358->5351 5360->4996 5361->5351 5363->5351 5365->5351 5370 8207c6 5367->5370 5371 820a10 5370->5371 5382 8057b8 5370->5382 5397 824d53 5370->5397 5371->5305 5373 81c9cc 5372->5373 5421 80db68 5373->5421 5379 8246ed 5376->5379 5377 822b09 GetPEB 5377->5379 5378 80c5d8 2 API calls 5378->5379 5379->5377 5379->5378 5380 8211b0 GetPEB 5379->5380 5381 824d2e 5379->5381 5380->5379 5381->5305 5395 8057fa 5382->5395 5384 80c5d8 2 API calls 5384->5395 5386 8066de 5387 80f7fe GetPEB 5386->5387 5389 8066dc 5387->5389 5388 81e1f8 GetPEB RtlAllocateHeap 5388->5395 5389->5370 5391 80738a GetPEB 5391->5395 5392 822b09 GetPEB 5392->5395 5395->5384 5395->5386 5395->5388 5395->5389 5395->5391 5395->5392 5396 81fecb GetPEB 5395->5396 5401 81cbe9 5395->5401 5405 8022c9 5395->5405 5409 801bc9 5395->5409 5413 80f288 5395->5413 5417 8212c1 5395->5417 5396->5395 5398 824d85 5397->5398 5399 80eb52 GetPEB 5398->5399 5400 824e23 5399->5400 5400->5370 5402 81cc0e 5401->5402 5403 80eb52 GetPEB 5402->5403 5404 81cc8d 5403->5404 5404->5395 5406 8022e8 5405->5406 5407 80eb52 GetPEB 5406->5407 5408 802377 5407->5408 5408->5395 5410 801bfb 5409->5410 5411 80eb52 GetPEB 5410->5411 5412 801c85 5411->5412 5412->5395 5414 80f2b2 5413->5414 5415 80eb52 GetPEB 5414->5415 5416 80f350 5415->5416 5416->5395 5418 8212da 5417->5418 5419 80eb52 GetPEB 5418->5419 5420 821380 5419->5420 5420->5395 5422 80db84 5421->5422 5423 80eb52 GetPEB 5422->5423 5424 80dc0b 5423->5424 5424->5305 5426 80503c 5425->5426 5427 81c9b0 GetPEB 5426->5427 5428 8050e1 5427->5428 5428->5321 5433 80e806 5429->5433 5430 81cad5 GetPEB 5430->5433 5431 80c5d8 2 API calls 5431->5433 5432 80eb40 5432->5321 5433->5430 5433->5431 5433->5432 5435 80fbad 5434->5435 5436 80c5d8 2 API calls 5435->5436 5437 810084 5435->5437 5438 810086 5435->5438 5439 802194 GetPEB 5435->5439 5436->5435 5437->5321 5440 822b09 GetPEB 5438->5440 5439->5435 5440->5437 5442 820a7e 5441->5442 5443 81c4f8 GetPEB 5442->5443 5444 80c5d8 2 API calls 5442->5444 5445 820da7 5442->5445 5443->5442 5444->5442 5445->5330 5447 81425e 5446->5447 5448 80c5d8 2 API calls 5447->5448 5449 8139af 5448->5449 5450 803325 5449->5450 5451 80333e 5450->5451 5452 8231aa GetPEB 5451->5452 5453 80335a 5452->5453 5453->5348 5455 81e1ce 5454->5455 5456 8231aa GetPEB 5455->5456 5457 81e1f0 5456->5457 5457->5335 5459 80eda1 5458->5459 5460 80eb52 GetPEB 5459->5460 5461 80ee49 5460->5461 5461->5351 5463 80ddcb 5462->5463 5464 80eb52 GetPEB 5463->5464 5465 80de63 5464->5465 5465->5351 5473 804ec7 5466->5473 5468 804fee 5469 805009 5468->5469 5470 822b09 GetPEB 5468->5470 5469->5351 5470->5469 5471 80c5d8 GetPEB RtlAllocateHeap 5471->5473 5472 81c9b0 GetPEB 5472->5473 5473->5468 5473->5471 5473->5472 5474 822b09 GetPEB 5473->5474 5494 819c65 5473->5494 5474->5473 5476 821100 5475->5476 5477 80eb52 GetPEB 5476->5477 5478 82119a 5477->5478 5478->5351 5498 8160b8 5479->5498 5483 804abc 5482->5483 5484 80eb52 GetPEB 5483->5484 5485 804b44 5484->5485 5485->5351 5487 81c8f4 5486->5487 5488 80eb52 GetPEB 5487->5488 5489 81c99d 5488->5489 5489->5351 5491 81e36b 5490->5491 5492 80eb52 GetPEB 5491->5492 5493 81e3fa 5492->5493 5493->5360 5495 819c85 5494->5495 5496 80eb52 GetPEB 5495->5496 5497 819d29 5496->5497 5497->5473 5499 8160de 5498->5499 5500 80eb52 GetPEB 5499->5500 5501 80efd1 5500->5501 5501->5351 5513 801f38 5502->5513 5506 810ade 5505->5506 5536 81f790 5506->5536 5511 821538 2 API calls 5512 810c1f 5511->5512 5512->5003 5517 801f57 5513->5517 5518 8020cc 5517->5518 5520 8020da 5517->5520 5522 807603 5517->5522 5525 8206ec 5517->5525 5529 80bd23 5517->5529 5533 80e5c0 5517->5533 5521 821538 2 API calls 5518->5521 5520->5003 5521->5520 5523 80eb52 GetPEB 5522->5523 5524 8076d3 5523->5524 5524->5517 5526 820702 5525->5526 5527 80eb52 GetPEB 5526->5527 5528 82079c 5527->5528 5528->5517 5530 80bd40 5529->5530 5531 80eb52 GetPEB 5530->5531 5532 80bdeb 5531->5532 5532->5517 5534 80556b GetPEB 5533->5534 5535 80e625 5534->5535 5535->5517 5537 80eb52 GetPEB 5536->5537 5538 810bf0 5537->5538 5538->5512 5539 80daaa 5538->5539 5540 80dac8 5539->5540 5541 80eb52 GetPEB 5540->5541 5542 80db55 5541->5542 5542->5511 5544 82451c 5543->5544 5545 80eb52 GetPEB 5544->5545 5546 8245b7 5545->5546 5546->5008 5548 8053e3 5547->5548 5549 80eb52 GetPEB 5548->5549 5550 80546b 5549->5550 5550->4853 5552 812d03 5551->5552 5553 80eb52 GetPEB 5552->5553 5554 812d8e 5553->5554 5554->5032 5556 802e23 5555->5556 5557 80eb52 GetPEB 5556->5557 5558 802ea5 5557->5558 5558->5032 5560 80f997 5559->5560 5561 8231aa GetPEB 5560->5561 5562 80f9b9 5561->5562 5562->5032 5566 81b27f 5563->5566 5564 81bb76 5565 822b09 GetPEB 5564->5565 5568 81bb89 5565->5568 5566->5564 5567 80c5d8 GetPEB RtlAllocateHeap 5566->5567 5566->5568 5571 80ee62 2 API calls 5566->5571 5572 822b09 GetPEB 5566->5572 5574 80dc1b GetPEB 5566->5574 5575 803046 GetPEB 5566->5575 5580 80fa95 5566->5580 5584 81fd4e 5566->5584 5588 80c3a7 5566->5588 5567->5566 5568->5044 5571->5566 5572->5566 5574->5566 5575->5566 5577 817c9b 5576->5577 5578 80eb52 GetPEB 5577->5578 5579 817d35 5578->5579 5579->5044 5581 80fad4 5580->5581 5582 80eb52 GetPEB 5581->5582 5583 80fb70 5582->5583 5583->5566 5585 81fd79 5584->5585 5586 80eb52 GetPEB 5585->5586 5587 81fe12 5586->5587 5587->5566 5589 80c3c9 5588->5589 5590 80eb52 GetPEB 5589->5590 5591 80c463 5590->5591 5591->5566 5595 819e1d 5592->5595 5593 814244 2 API calls 5593->5595 5595->5593 5597 81a1b5 5595->5597 5599 81fecb GetPEB 5595->5599 5600 8196c2 5595->5600 5604 815515 5595->5604 5609 820a1a 5595->5609 5597->5052 5599->5595 5601 8196db 5600->5601 5602 80eb52 GetPEB 5601->5602 5603 819765 5602->5603 5603->5595 5613 810de5 5604->5613 5608 815670 5608->5595 5610 820a3f 5609->5610 5611 8231aa GetPEB 5610->5611 5612 820a5c 5611->5612 5612->5595 5614 810dfe 5613->5614 5615 80eb52 GetPEB 5614->5615 5616 810eae 5615->5616 5616->5608 5617 82138b 5616->5617 5618 8213b8 5617->5618 5619 80eb52 GetPEB 5618->5619 5620 821475 5619->5620 5620->5608 5622 81b1af 5621->5622 5623 80eb52 GetPEB 5622->5623 5624 81b248 5623->5624 5624->4853 5642 8183d6 5625->5642 5626 81851b 5628 801a34 GetPEB 5626->5628 5627 818516 5627->5061 5630 81854b 5628->5630 5629 820db1 GetPEB 5629->5642 5631 81e1f8 2 API calls 5630->5631 5633 818565 5631->5633 5632 8109dd GetPEB 5632->5642 5634 822d0a GetPEB 5633->5634 5636 8185a6 5634->5636 5637 81fecb GetPEB 5636->5637 5639 8185c6 5637->5639 5638 81e1f8 2 API calls 5638->5642 5640 8185ff 2 API calls 5639->5640 5640->5627 5641 822d0a GetPEB 5641->5642 5642->5626 5642->5627 5642->5629 5642->5632 5642->5638 5642->5641 5643 81fecb GetPEB 5642->5643 5742 80baa9 5642->5742 5746 80bfbe 5642->5746 5643->5642 5646 8204c6 5645->5646 5647 8205e9 5646->5647 5648 8205e7 5646->5648 5650 820db1 GetPEB 5646->5650 5651 8109dd GetPEB 5646->5651 5652 80baa9 GetPEB 5646->5652 5653 81e1f8 2 API calls 5646->5653 5654 822d0a GetPEB 5646->5654 5655 81fecb GetPEB 5646->5655 5656 80bfbe 3 API calls 5646->5656 5649 8185ff 2 API calls 5647->5649 5648->5061 5649->5648 5650->5646 5651->5646 5652->5646 5653->5646 5654->5646 5655->5646 5656->5646 5662 80ba26 5657->5662 5658 80ba9c 5658->5061 5659 822b09 GetPEB 5659->5662 5660 821028 GetPEB 5660->5662 5662->5658 5662->5659 5662->5660 5663 821538 2 API calls 5662->5663 5757 80f0e9 5662->5757 5663->5662 5765 821f6d 5664->5765 5666 820a64 2 API calls 5683 80b3e7 5666->5683 5667 822b09 GetPEB 5667->5683 5669 8185ff 2 API calls 5669->5683 5670 801a34 GetPEB 5670->5683 5671 820db1 GetPEB 5671->5683 5672 80b7fb 5672->5061 5673 8244ad GetPEB 5673->5683 5674 80b7fd 5675 821538 2 API calls 5674->5675 5675->5672 5676 8109dd GetPEB 5676->5683 5677 8100c5 GetPEB 5677->5683 5678 81fecb GetPEB 5678->5683 5679 80baa9 GetPEB 5679->5683 5681 81e1f8 GetPEB RtlAllocateHeap 5681->5683 5682 822d0a GetPEB 5682->5683 5683->5666 5683->5667 5683->5669 5683->5670 5683->5671 5683->5672 5683->5673 5683->5674 5683->5676 5683->5677 5683->5678 5683->5679 5683->5681 5683->5682 5684 80bfbe 3 API calls 5683->5684 5768 80f726 5683->5768 5772 81d8db 5683->5772 5684->5683 5691 81cfe9 5685->5691 5686 81d0f1 5686->5061 5687 81d0f3 5689 80f0e9 GetPEB 5687->5689 5689->5686 5691->5686 5691->5687 5782 810ebc 5691->5782 5786 823263 5691->5786 5794 80e2bd 5691->5794 5711 802ad8 5693->5711 5694 81c387 GetPEB 5694->5711 5695 802d78 5696 8185ff 2 API calls 5695->5696 5699 802da8 5696->5699 5697 802d64 5702 821538 2 API calls 5697->5702 5701 802d62 5699->5701 5703 821538 2 API calls 5699->5703 5701->5061 5702->5701 5703->5697 5704 820db1 GetPEB 5704->5711 5705 821538 GetPEB FindCloseChangeNotification 5705->5711 5707 8109dd GetPEB 5707->5711 5708 80baa9 GetPEB 5708->5711 5709 81e1f8 2 API calls 5709->5711 5710 822d0a GetPEB 5710->5711 5711->5694 5711->5695 5711->5697 5711->5701 5711->5704 5711->5705 5711->5707 5711->5708 5711->5709 5711->5710 5712 81fecb GetPEB 5711->5712 5713 80bfbe 3 API calls 5711->5713 5807 819774 5711->5807 5815 81017b 5711->5815 5824 81bc6b 5711->5824 5712->5711 5713->5711 5733 81aadf 5714->5733 5715 81ac24 5716 801a34 GetPEB 5715->5716 5718 81ac51 5716->5718 5717 81ac1f 5717->5061 5720 81e1f8 2 API calls 5718->5720 5719 820db1 GetPEB 5719->5733 5721 81ac74 5720->5721 5723 822d0a GetPEB 5721->5723 5722 8109dd GetPEB 5722->5733 5725 81acaf 5723->5725 5724 80baa9 GetPEB 5724->5733 5726 81fecb GetPEB 5725->5726 5728 81accf 5726->5728 5727 81e1f8 2 API calls 5727->5733 5729 8185ff 2 API calls 5728->5729 5729->5717 5730 822d0a GetPEB 5730->5733 5731 81fecb GetPEB 5731->5733 5732 80bfbe 3 API calls 5732->5733 5733->5715 5733->5717 5733->5719 5733->5722 5733->5724 5733->5727 5733->5730 5733->5731 5733->5732 5739 82307f 5734->5739 5735 82318a 5735->5061 5736 82318c 5738 80f0e9 GetPEB 5736->5738 5737 823263 GetPEB 5737->5739 5738->5735 5739->5735 5739->5736 5739->5737 5740 810ebc GetPEB 5739->5740 5741 80e2bd GetPEB 5739->5741 5740->5739 5741->5739 5743 80bac2 5742->5743 5744 80dc1b GetPEB 5743->5744 5745 80bb97 5744->5745 5745->5642 5750 80bfd7 5746->5750 5747 8245ca 2 API calls 5747->5750 5748 80c273 5749 821538 2 API calls 5748->5749 5751 80c271 5749->5751 5750->5747 5750->5748 5750->5751 5753 81c41a 5750->5753 5751->5642 5754 81c440 5753->5754 5755 80eb52 GetPEB 5754->5755 5756 81c4e1 5755->5756 5756->5750 5758 80f0ff 5757->5758 5761 80f8a9 5758->5761 5762 80f8c6 5761->5762 5763 80eb52 GetPEB 5762->5763 5764 80f1c3 5763->5764 5764->5662 5766 80eb52 GetPEB 5765->5766 5767 822000 5766->5767 5767->5683 5769 80f758 5768->5769 5770 80eb52 GetPEB 5769->5770 5771 80f7dc 5770->5771 5771->5683 5777 81d8fb 5772->5777 5773 80c5d8 2 API calls 5773->5777 5774 81db95 5778 81cad5 5774->5778 5775 81db93 5775->5683 5777->5773 5777->5774 5777->5775 5779 81caef 5778->5779 5780 81c9b0 GetPEB 5779->5780 5781 81cbda 5780->5781 5781->5775 5783 810ede 5782->5783 5784 80eb52 GetPEB 5783->5784 5785 810f72 5784->5785 5785->5691 5787 82327e 5786->5787 5791 823556 5787->5791 5799 8162c7 5787->5799 5790 81c9b0 GetPEB 5792 82350d 5790->5792 5791->5691 5792->5791 5793 81c9b0 GetPEB 5792->5793 5793->5792 5797 80e2d8 5794->5797 5795 80e3f5 5795->5691 5796 80483c GetPEB 5796->5797 5797->5795 5797->5796 5803 801afd 5797->5803 5800 8162eb 5799->5800 5801 80eb52 GetPEB 5800->5801 5802 816383 5801->5802 5802->5790 5802->5791 5804 801b10 5803->5804 5805 80eb52 GetPEB 5804->5805 5806 801bba 5805->5806 5806->5797 5809 819797 5807->5809 5810 81bc6b GetPEB 5809->5810 5811 819956 5809->5811 5814 819967 5809->5814 5827 8072c4 5809->5827 5831 80f9c1 5809->5831 5810->5809 5813 821538 2 API calls 5811->5813 5813->5814 5814->5711 5816 8101c2 5815->5816 5819 81fe2a GetPEB 5816->5819 5820 8106f1 5816->5820 5821 81e1f8 2 API calls 5816->5821 5823 81fecb GetPEB 5816->5823 5835 80473d 5816->5835 5839 814178 5816->5839 5843 817952 5816->5843 5819->5816 5820->5711 5821->5816 5823->5816 5825 80eb52 GetPEB 5824->5825 5826 81bd0a 5825->5826 5826->5711 5828 8072e0 5827->5828 5829 80eb52 GetPEB 5828->5829 5830 80737c 5829->5830 5830->5809 5832 80f9eb 5831->5832 5833 80eb52 GetPEB 5832->5833 5834 80fa7c 5833->5834 5834->5809 5836 804786 5835->5836 5837 80eb52 GetPEB 5836->5837 5838 80481a 5837->5838 5838->5816 5840 814194 5839->5840 5841 80eb52 GetPEB 5840->5841 5842 814233 5841->5842 5842->5816 5844 817965 5843->5844 5845 80eb52 GetPEB 5844->5845 5846 817a04 5845->5846 5846->5816 5848 80dd30 5847->5848 5849 80dd16 5847->5849 5848->5077 5849->5848 5850 822b09 GetPEB 5849->5850 5850->5849 5857 8241ee 5851->5857 5852 81e1f8 2 API calls 5852->5857 5854 80f96f GetPEB 5854->5857 5855 8243b4 5858 822b09 GetPEB 5855->5858 5856 81fecb GetPEB 5856->5857 5857->5852 5857->5854 5857->5855 5857->5856 5859 80c5d8 2 API calls 5857->5859 5860 8243c9 5857->5860 5865 813d85 5857->5865 5858->5860 5859->5857 5860->5077 5862 80328d 5861->5862 5869 807442 5862->5869 5866 813d9c 5865->5866 5867 80c5d8 2 API calls 5866->5867 5868 813e5b 5867->5868 5868->5857 5868->5868 5872 807462 5869->5872 5870 80c5d8 2 API calls 5870->5872 5872->5870 5874 807576 5872->5874 5875 80331d 5872->5875 5878 818fae 5872->5878 5887 810d04 5872->5887 5892 810f86 5872->5892 5877 822b09 GetPEB 5874->5877 5875->5077 5877->5875 5883 8194f3 5878->5883 5879 81969b 5881 80f7fe GetPEB 5879->5881 5880 819699 5880->5872 5881->5880 5882 81e1f8 GetPEB RtlAllocateHeap 5882->5883 5883->5879 5883->5880 5883->5882 5885 80738a GetPEB 5883->5885 5886 81fecb GetPEB 5883->5886 5909 80bc32 5883->5909 5885->5883 5886->5883 5913 802ebf 5887->5913 5890 822b09 GetPEB 5891 810dde 5890->5891 5891->5872 5908 811c7c 5892->5908 5893 81e1f8 GetPEB RtlAllocateHeap 5893->5908 5895 81c237 GetPEB 5895->5908 5896 802ebf GetPEB 5896->5908 5897 80bc32 GetPEB 5897->5908 5899 812118 5902 80f7fe GetPEB 5899->5902 5901 812116 5901->5872 5902->5901 5904 80738a GetPEB 5904->5908 5906 81fecb GetPEB 5906->5908 5907 81c9b0 GetPEB 5907->5908 5908->5893 5908->5895 5908->5896 5908->5897 5908->5899 5908->5901 5908->5904 5908->5906 5908->5907 5917 803431 5908->5917 5932 8216c0 5908->5932 5936 81c2cf 5908->5936 5940 8243e6 5908->5940 5944 8051e7 5908->5944 5910 80bc62 5909->5910 5911 80eb52 GetPEB 5910->5911 5912 80bd08 5911->5912 5912->5883 5914 802ed3 5913->5914 5915 80eb52 GetPEB 5914->5915 5916 802f74 5915->5916 5916->5890 5931 804267 5917->5931 5918 81e1f8 GetPEB RtlAllocateHeap 5918->5931 5919 822b09 GetPEB 5919->5931 5920 804738 5920->5920 5921 8042a0 5926 80f7fe GetPEB 5921->5926 5922 80f288 GetPEB 5922->5931 5923 80c5d8 2 API calls 5923->5931 5925 8100c5 GetPEB 5925->5931 5927 8042be 5926->5927 5927->5908 5928 80738a GetPEB 5928->5931 5930 81fecb GetPEB 5930->5931 5931->5918 5931->5919 5931->5920 5931->5921 5931->5922 5931->5923 5931->5925 5931->5928 5931->5930 5948 8050e8 5931->5948 5952 8049a4 5931->5952 5933 8216f5 5932->5933 5934 80eb52 GetPEB 5933->5934 5935 8217a1 5934->5935 5935->5908 5937 81c2e5 5936->5937 5938 80eb52 GetPEB 5937->5938 5939 81c370 5938->5939 5939->5908 5941 824405 5940->5941 5942 80eb52 GetPEB 5941->5942 5943 824498 5942->5943 5943->5908 5945 805206 5944->5945 5946 80eb52 GetPEB 5945->5946 5947 8052a5 5946->5947 5947->5908 5949 805123 5948->5949 5950 80eb52 GetPEB 5949->5950 5951 8051c6 5950->5951 5951->5931 5953 8049d5 5952->5953 5954 80eb52 GetPEB 5953->5954 5955 804a6b 5954->5955 5955->5931 5957 8048f4 5956->5957 5958 80eb52 GetPEB 5957->5958 5959 804996 5958->5959 5959->5087 5961 80bf93 5960->5961 5962 8231aa GetPEB 5961->5962 5963 80bfb6 5962->5963 5963->5097 5969 81dfa2 5964->5969 5965 8053d0 GetPEB 5965->5969 5967 81e1f8 2 API calls 5967->5969 5968 802dea GetPEB 5968->5969 5969->5965 5969->5967 5969->5968 5970 81e0e6 5969->5970 5971 81fecb GetPEB 5969->5971 5982 82298d 5969->5982 5970->5106 5971->5969 5973 801cc0 5972->5973 5975 81fe2a GetPEB 5973->5975 5977 801e90 5973->5977 5986 802f80 5973->5986 5990 8106fe 5973->5990 5975->5973 5977->5106 5979 808581 5978->5979 5980 80eb52 GetPEB 5979->5980 5981 80862b 5980->5981 5981->5108 5983 8229a3 5982->5983 5984 80eb52 GetPEB 5983->5984 5985 822a27 5984->5985 5985->5969 5987 802f9f 5986->5987 5988 80eb52 GetPEB 5987->5988 5989 803039 5988->5989 5989->5973 5991 81071c 5990->5991 5992 80eb52 GetPEB 5991->5992 5993 8107dc 5992->5993 5993->5973 6031 8019eb 6032 8019b1 6031->6032 6032->6031 6033 80eb52 GetPEB 6032->6033 6034 801aeb 6033->6034 6035 81befd 6036 8109dd GetPEB 6035->6036 6037 81c1a1 6036->6037 6038 82061d 2 API calls 6037->6038 6039 81c1b8 6038->6039 6040 81e1f8 2 API calls 6039->6040 6047 81c229 6039->6047 6041 81c1d6 6040->6041 6042 822d0a GetPEB 6041->6042 6043 81c1ff 6042->6043 6044 81fecb GetPEB 6043->6044 6045 81c212 6044->6045 6046 80d061 2 API calls 6045->6046 6046->6047

                                                                                                          Executed Functions

                                                                                                          Function 008052B9, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 58libraryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 337 8052b9-805385 call 81fe29 call 80eb52 LoadLibraryW
                                                                                                          C-Code - Quality: 82%
                                                                                                          			E008052B9(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				void* _t47;
				struct HINSTANCE__* _t59;
				signed int _t61;
				signed int _t62;
				WCHAR* _t68;

				_push(_a12);
				_t68 = __ecx;
				_push(_a8);
				_push(_a4);
				_push(__ecx);
				E0081FE29(_t47);
				_v24 = _v24 & 0x00000000;
				_v28 = 0x68392e;
				_v16 = 0xf5950b;
				_v16 = _v16 ^ 0xb3325752;
				_v16 = _v16 ^ 0xe58473b2;
				_v16 = _v16 ^ 0x56462a2c;
				_v8 = 0x3988bb;
				_t61 = 0x3a;
				_v8 = _v8 / _t61;
				_v8 = _v8 + 0xf338;
				_v8 = _v8 << 5;
				_v8 = _v8 ^ 0x0035ea14;
				_v12 = 0xe53120;
				_v12 = _v12 ^ 0xa236e8c8;
				_t62 = 0x62;
				_v12 = _v12 / _t62;
				_v12 = _v12 ^ 0x01ab7b97;
				_v20 = 0x973198;
				_v20 = _v20 * 0x60;
				_v20 = _v20 ^ 0x38bce55b;
				E0080EB52(_t62, _t62, 0xeec842c3, 0xab, 0xa2289af1);
				_t59 = LoadLibraryW(_t68); // executed
				return _t59;
			}














                                                                                                          0x008052c0
                                                                                                          0x008052c3
                                                                                                          0x008052c5
                                                                                                          0x008052c8
                                                                                                          0x008052cc
                                                                                                          0x008052cd
                                                                                                          0x008052d2
                                                                                                          0x008052d9
                                                                                                          0x008052e2
                                                                                                          0x008052e9
                                                                                                          0x008052f0
                                                                                                          0x008052f7
                                                                                                          0x008052fe
                                                                                                          0x0080530a
                                                                                                          0x0080530f
                                                                                                          0x00805314
                                                                                                          0x0080531b
                                                                                                          0x0080531f
                                                                                                          0x00805326
                                                                                                          0x0080532d
                                                                                                          0x00805337
                                                                                                          0x0080533f
                                                                                                          0x00805342
                                                                                                          0x00805349
                                                                                                          0x00805360
                                                                                                          0x00805363
                                                                                                          0x00805376
                                                                                                          0x0080537f
                                                                                                          0x00805385

                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Offset: 00800000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.717011353.0000000000800000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000005.00000002.717035178.0000000000826000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_800000_rundll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad
                                                                                                          • String ID: 1$,*FV$.9h
                                                                                                          • API String ID: 1029625771-1870595533
                                                                                                          • Opcode ID: 47e2a649f6d09089b8114036349e08445583c90553a88ce36019ef6e82d966d0
                                                                                                          • Instruction ID: 24b590e08148800bf36f541599371649230fbde5ccc2f0987d2e8fb45ebdb921
                                                                                                          • Opcode Fuzzy Hash: 47e2a649f6d09089b8114036349e08445583c90553a88ce36019ef6e82d966d0
                                                                                                          • Instruction Fuzzy Hash: 142153B6D00208FBEF08DFA8D94A9EEBBB5FB40314F108198E915B6251E3B45B14DF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002D40, Relevance: 6.3, APIs: 4, Instructions: 331COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 407 10002d40-10002d67 call 100024a0 410 10002d70-10002d81 407->410 411 10002d69-10002d6b 407->411 413 10002d83-10002d90 410->413 414 10002d95-10002db0 call 100024a0 410->414 412 1000315a-1000315d 411->412 413->412 418 10002db2-10002db4 414->418 419 10002db9-10002dce 414->419 418->412 420 10002dd0-10002ddd 419->420 421 10002de2-10002def 419->421 420->412 422 10002df1-10002dfe 421->422 423 10002e03-10002e0c 421->423 422->412 425 10002e20-10002e41 423->425 426 10002e0e-10002e1b 423->426 428 10002e55-10002e5f 425->428 426->412 430 10002e61-10002e68 428->430 431 10002e97-10002ed2 GetNativeSystemInfo 428->431 434 10002e78-10002e84 430->434 435 10002e6a-10002e76 430->435 432 10002ed4-10002ee1 431->432 433 10002ee6-10002f05 VirtualAlloc 431->433 432->412 437 10002f32-10002f4a 433->437 438 10002f07-10002f21 VirtualAlloc 433->438 436 10002e87-10002e8d 434->436 435->436 439 10002e95 436->439 440 10002e8f-10002e92 436->440 447 10002f6c-10002fd0 call 100024a0 437->447 448 10002f4c-10002f67 437->448 438->437 442 10002f23-10002f2d 438->442 439->428 440->439 442->412 452 10002fd2 447->452 453 10002fdc-10003041 VirtualAlloc call 10002320 call 100024d0 447->453 448->412 455 1000314c-10003158 call 10003310 452->455 462 10003043 453->462 463 1000304d-1000305e 453->463 455->412 462->455 464 10003060-10003076 call 100029c0 463->464 465 10003078-1000307b 463->465 467 10003082-10003090 call 10002ab0 464->467 465->467 471 10003092 467->471 472 1000309c-100030a3 call 100027c0 467->472 471->455 474 100030a8-100030aa 472->474 475 100030b6-100030c4 call 10002940 474->475 476 100030ac 474->476 479 100030c6 475->479 480 100030cd-100030d6 475->480 476->455 479->455 481 100030d8-100030df 480->481 482 1000313d-10003140 480->482 483 100030e1-1000310d 481->483 484 1000312a-10003138 481->484 485 10003147-1000314a 482->485 488 1000311e-10003128 483->488 489 1000310f-1000311a 483->489 486 1000313b 484->486 485->412 485->455 486->485 488->486 489->455
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.718878727.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.718868533.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 122cb37b0b289274c351768ce399d3c8904b2a50bbd0f0c9b0cc6582413b1c49
                                                                                                          • Instruction ID: 8eda3ac1f8f3e078098bdc719848e1594ce6d4798074e02e4610946cd2a58ef5
                                                                                                          • Opcode Fuzzy Hash: 122cb37b0b289274c351768ce399d3c8904b2a50bbd0f0c9b0cc6582413b1c49
                                                                                                          • Instruction Fuzzy Hash: 7CE1E774A00209DFEB05CF94C994AAEB7B6FF8C344F208559E909AB399D770ED42CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 00821538, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          C-Code - Quality: 95%
                                                                                                          			E00821538(void* __ecx, void* __edx, void* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _t59;
				int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t79;
				signed int _t80;

				_push(_a4);
				E0081FE29(_t59);
				_v24 = _v24 & 0x00000000;
				_v32 = 0x73095a;
				_v28 = 0xd34a52;
				_v16 = 0xb3a153;
				_t77 = 0x73;
				_v16 = _v16 / _t77;
				_v16 = _v16 + 0x4fd2;
				_v16 = _v16 ^ 0xee3af97f;
				_v16 = _v16 ^ 0xee3510f4;
				_v20 = 0xee2064;
				_v20 = _v20 << 0xe;
				_v20 = _v20 ^ 0x88190a0a;
				_v12 = 0x72c7a5;
				_v12 = _v12 + 0x7839;
				_t78 = 0x77;
				_v12 = _v12 / _t78;
				_t79 = 0x76;
				_v12 = _v12 / _t79;
				_v12 = _v12 ^ 0x00040652;
				_v8 = 0x10c7fb;
				_t80 = 0x6c;
				_v8 = _v8 * 0x70;
				_v8 = _v8 << 8;
				_v8 = _v8 / _t80;
				_v8 = _v8 ^ 0x00c83f8f;
				E0080EB52(_t80, _t80, 0x2aa4bac1, 0x108, 0xa2289af1);
				_t75 = FindCloseChangeNotification(_a4); // executed
				return _t75;
			}
















                                                                                                          0x0082153e
                                                                                                          0x00821543
                                                                                                          0x00821548
                                                                                                          0x0082154f
                                                                                                          0x00821558
                                                                                                          0x0082155f
                                                                                                          0x0082156b
                                                                                                          0x00821570
                                                                                                          0x00821575
                                                                                                          0x0082157c
                                                                                                          0x00821583
                                                                                                          0x0082158a
                                                                                                          0x00821591
                                                                                                          0x00821595
                                                                                                          0x0082159c
                                                                                                          0x008215a3
                                                                                                          0x008215ad
                                                                                                          0x008215b2
                                                                                                          0x008215ba
                                                                                                          0x008215bf
                                                                                                          0x008215c4
                                                                                                          0x008215cb
                                                                                                          0x008215d6
                                                                                                          0x008215e6
                                                                                                          0x008215e9
                                                                                                          0x008215f3
                                                                                                          0x008215f6
                                                                                                          0x0082160a
                                                                                                          0x00821615
                                                                                                          0x0082161a

                                                                                                          APIs
                                                                                                          • FindCloseChangeNotification.KERNEL32(00040652), ref: 00821615
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Offset: 00800000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.717011353.0000000000800000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000005.00000002.717035178.0000000000826000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_800000_rundll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: ChangeCloseFindNotification
                                                                                                          • String ID: Zs$d
                                                                                                          • API String ID: 2591292051-3879001491
                                                                                                          • Opcode ID: 38bb643fa24bb4614003e7abf6af2ef3a1b5f649b6f440d52b37eb84a0984821
                                                                                                          • Instruction ID: ee37a09c83c218d69ddffe6e5867ffe177d10e78055fa1f3a8404f891fdd9b28
                                                                                                          • Opcode Fuzzy Hash: 38bb643fa24bb4614003e7abf6af2ef3a1b5f649b6f440d52b37eb84a0984821
                                                                                                          • Instruction Fuzzy Hash: A0212CB5D40209EBEB04DFA5D94A9DEBBB1EB40314F10C099E618BB291D7B95B548F80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0080D061, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 58fileCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 496 80d061-80d14b call 81fe29 call 80eb52 DeleteFileW
                                                                                                          C-Code - Quality: 85%
                                                                                                          			E0080D061(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void* _t54;
				int _t63;
				signed int _t65;
				WCHAR* _t69;

				_push(_a12);
				_t69 = __ecx;
				_push(_a8);
				_push(_a4);
				_push(__ecx);
				E0081FE29(_t54);
				_v28 = _v28 & 0x00000000;
				_v24 = _v24 & 0x00000000;
				_v36 = 0xa62646;
				_v32 = 0x27199b;
				_v20 = 0x942c55;
				_v20 = _v20 | 0xf0368afe;
				_v20 = _v20 << 0xa;
				_v20 = _v20 ^ 0xfbcaf84d;
				_v20 = _v20 ^ 0x217d6c33;
				_v16 = 0xf28622;
				_v16 = _v16 >> 0xe;
				_v16 = _v16 | 0xeb4a9877;
				_v16 = _v16 ^ 0x2aded5e4;
				_v16 = _v16 ^ 0xc19eb21f;
				_v12 = 0x4a5837;
				_v12 = _v12 ^ 0xa3e571b7;
				_v12 = _v12 + 0xffff6305;
				_t65 = 0x6e;
				_v12 = _v12 / _t65;
				_v12 = _v12 ^ 0x01794185;
				_v8 = 0xa209ee;
				_v8 = _v8 + 0x62d2;
				_v8 = _v8 ^ 0x3d892cf6;
				_v8 = _v8 | 0x5ca7d1ce;
				_v8 = _v8 ^ 0x7da8dabc;
				E0080EB52(_t65, _t65, 0x74c3d0b1, 0x1a1, 0xa2289af1);
				_t63 = DeleteFileW(_t69); // executed
				return _t63;
			}















                                                                                                          0x0080d068
                                                                                                          0x0080d06b
                                                                                                          0x0080d06d
                                                                                                          0x0080d070
                                                                                                          0x0080d074
                                                                                                          0x0080d075
                                                                                                          0x0080d07a
                                                                                                          0x0080d081
                                                                                                          0x0080d087
                                                                                                          0x0080d08e
                                                                                                          0x0080d095
                                                                                                          0x0080d09c
                                                                                                          0x0080d0a3
                                                                                                          0x0080d0a7
                                                                                                          0x0080d0ae
                                                                                                          0x0080d0b5
                                                                                                          0x0080d0bc
                                                                                                          0x0080d0c0
                                                                                                          0x0080d0c7
                                                                                                          0x0080d0ce
                                                                                                          0x0080d0d5
                                                                                                          0x0080d0dc
                                                                                                          0x0080d0e3
                                                                                                          0x0080d0ef
                                                                                                          0x0080d0f7
                                                                                                          0x0080d0fa
                                                                                                          0x0080d101
                                                                                                          0x0080d108
                                                                                                          0x0080d10f
                                                                                                          0x0080d116
                                                                                                          0x0080d11d
                                                                                                          0x0080d13c
                                                                                                          0x0080d145
                                                                                                          0x0080d14b

                                                                                                          APIs
                                                                                                          • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0080D145
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Offset: 00800000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.717011353.0000000000800000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000005.00000002.717035178.0000000000826000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_800000_rundll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: DeleteFile
                                                                                                          • String ID: 3l}!$7XJ
                                                                                                          • API String ID: 4033686569-2205417827
                                                                                                          • Opcode ID: 10709235247fc134180b3dbd0d2fc7697fcbb658dcad94b6e8f128d82acf9f3f
                                                                                                          • Instruction ID: 38d83f1728753852a5626f6b9a301f6cd647a8906bd1d9ea6cb32e01afeeb078
                                                                                                          • Opcode Fuzzy Hash: 10709235247fc134180b3dbd0d2fc7697fcbb658dcad94b6e8f128d82acf9f3f
                                                                                                          • Instruction Fuzzy Hash: 772145B5D00318AFDF08DFA4C98A9DEFBB4FF14304F108188E966A6220D7B85B558F91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 008245CA, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 68fileCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 551 8245ca-8246bc call 81fe29 call 80eb52 CreateFileW
                                                                                                          C-Code - Quality: 56%
                                                                                                          			E008245CA(WCHAR* __ecx, void* __edx, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, long _a24, intOrPtr _a28, intOrPtr _a32, long _a36, intOrPtr _a40, long _a44, long _a48) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				struct _SECURITY_ATTRIBUTES* _v24;
				intOrPtr _v28;
				void* _t51;
				void* _t60;
				WCHAR* _t64;

				_push(_a48);
				_t64 = __ecx;
				_push(_a44);
				_push(_a40);
				_push(_a36);
				_push(_a32);
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(0);
				_push(0);
				_push(__ecx);
				E0081FE29(_t51);
				_v28 = 0x204d4f;
				_v24 = 0;
				_v20 = 0xd27984;
				_v20 = _v20 | 0x43788b11;
				_v20 = _v20 ^ 0x43f3df42;
				_v16 = 0xf976f1;
				_v16 = _v16 + 0xffff3d74;
				_v16 = _v16 | 0xfc5c4419;
				_v16 = _v16 ^ 0xfcfdb6fc;
				_v12 = 0xb7df7c;
				_v12 = _v12 + 0xffff3658;
				_v12 = _v12 * 0x13;
				_v12 = _v12 ^ 0x1f30f970;
				_v12 = _v12 ^ 0x12ab006a;
				_v8 = 0x8ba8ca;
				_v8 = _v8 | 0x62aa166a;
				_v8 = _v8 + 0xa2f6;
				_v8 = _v8 * 0x55;
				_v8 = _v8 ^ 0xc33acf6c;
				E0080EB52(__ecx, __ecx, 0xbc17bbde, 0x19f, 0xa2289af1);
				_t60 = CreateFileW(_t64, _a24, _a48, 0, _a44, _a36, 0); // executed
				return _t60;
			}












                                                                                                          0x008245d2
                                                                                                          0x008245d7
                                                                                                          0x008245d9
                                                                                                          0x008245dc
                                                                                                          0x008245df
                                                                                                          0x008245e2
                                                                                                          0x008245e5
                                                                                                          0x008245e8
                                                                                                          0x008245eb
                                                                                                          0x008245ee
                                                                                                          0x008245f1
                                                                                                          0x008245f4
                                                                                                          0x008245f5
                                                                                                          0x008245f7
                                                                                                          0x008245f8
                                                                                                          0x008245fd
                                                                                                          0x00824607
                                                                                                          0x0082460a
                                                                                                          0x00824611
                                                                                                          0x00824618
                                                                                                          0x0082461f
                                                                                                          0x00824626
                                                                                                          0x0082462d
                                                                                                          0x00824634
                                                                                                          0x0082463b
                                                                                                          0x00824642
                                                                                                          0x0082465d
                                                                                                          0x00824660
                                                                                                          0x00824667
                                                                                                          0x0082466e
                                                                                                          0x00824675
                                                                                                          0x0082467c
                                                                                                          0x00824688
                                                                                                          0x0082468b
                                                                                                          0x0082469e
                                                                                                          0x008246b5
                                                                                                          0x008246bc

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(?,00000057,?,00000000,?,?,00000000), ref: 008246B5
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Offset: 00800000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.717011353.0000000000800000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000005.00000002.717035178.0000000000826000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_800000_rundll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: CreateFile
                                                                                                          • String ID: OM
                                                                                                          • API String ID: 823142352-4198367855
                                                                                                          • Opcode ID: c9e2e688d9aa6a43dcdad6de9a4dd150b1ce22289e56966cf6fc1244f0671eef
                                                                                                          • Instruction ID: 91d19b5f4bf0e76096ddb464a8bd6223cc24841d55e98b9ecf21816a060953dc
                                                                                                          • Opcode Fuzzy Hash: c9e2e688d9aa6a43dcdad6de9a4dd150b1ce22289e56966cf6fc1244f0671eef
                                                                                                          • Instruction Fuzzy Hash: 0821EE72801249BBCF05DFA9CD46CDEBFB5FF88304F508199F915A6220D3768A61AF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0080EE62, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46serviceCOMMON
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 65%
                                                                                                          			E0080EE62(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, int _a16, short* _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				void* _t34;
				void* _t41;
				void* _t44;

				_push(_a20);
				_t44 = __edx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0081FE29(_t34);
				_v20 = 0xea751a;
				_v20 = _v20 | 0xe9b69993;
				_v20 = _v20 ^ 0xe9f29d6b;
				_v16 = 0x605393;
				_v16 = _v16 | 0xcc974431;
				_v16 = _v16 ^ 0xccf8b40a;
				_v12 = 0x102a1a;
				_v12 = _v12 + 0xcb09;
				_v12 = _v12 ^ 0x001131dd;
				_v8 = 0x570378;
				_v8 = _v8 >> 5;
				_v8 = _v8 ^ 0xef617e60;
				_v8 = _v8 ^ 0xef696bf9;
				E0080EB52(__ecx, __ecx, 0x5c98ffad, 5, 0x1f76e49f);
				_t41 = OpenServiceW(_t44, _a20, _a16); // executed
				return _t41;
			}










                                                                                                          0x0080ee69
                                                                                                          0x0080ee6c
                                                                                                          0x0080ee6e
                                                                                                          0x0080ee71
                                                                                                          0x0080ee74
                                                                                                          0x0080ee77
                                                                                                          0x0080ee7a
                                                                                                          0x0080ee7b
                                                                                                          0x0080ee7c
                                                                                                          0x0080ee81
                                                                                                          0x0080ee8b
                                                                                                          0x0080ee92
                                                                                                          0x0080ee99
                                                                                                          0x0080eea0
                                                                                                          0x0080eea7
                                                                                                          0x0080eeae
                                                                                                          0x0080eeb5
                                                                                                          0x0080eebc
                                                                                                          0x0080eec3
                                                                                                          0x0080eeca
                                                                                                          0x0080eece
                                                                                                          0x0080eed5
                                                                                                          0x0080eef6
                                                                                                          0x0080ef05
                                                                                                          0x0080ef0b

                                                                                                          APIs
                                                                                                          • OpenServiceW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0080EF05
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Offset: 00800000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.717011353.0000000000800000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000005.00000002.717035178.0000000000826000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_800000_rundll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: OpenService
                                                                                                          • String ID: `~a
                                                                                                          • API String ID: 3098006287-142445290
                                                                                                          • Opcode ID: 6383736253cef5703bc9a023e52ac128717e5205db758edbe98fcd92a09a10c3
                                                                                                          • Instruction ID: e5c996151a2234f868a83336fa1ca0c15fe0327b0dabb7529a50f0d238dfcf5d
                                                                                                          • Opcode Fuzzy Hash: 6383736253cef5703bc9a023e52ac128717e5205db758edbe98fcd92a09a10c3
                                                                                                          • Instruction Fuzzy Hash: 0A11F575C01218FBCF48DFA5DD0A8DEBFB5EF04310F108588F91566261D3758A20AF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002690, Relevance: 3.1, APIs: 2, Instructions: 98COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualFree.KERNELBASE(?,00000000,00004000), ref: 10002704
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.718878727.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.718868533.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 1263568516-0
                                                                                                          • Opcode ID: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction ID: e47a27f64338b3e84d430cb899d867ed3d67d72a97b2c0655aeaec8263a425f7
                                                                                                          • Opcode Fuzzy Hash: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction Fuzzy Hash: 8841B77461410AAFEB48CF58C490BA9B7B2FB88364F14C659EC1A9F355C731EE41CB84
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0081648A, Relevance: 1.6, APIs: 1, Instructions: 50memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 76%
                                                                                                          			E0081648A(long __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12, long _a16) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				signed int _v20;
				void* _t41;
				void* _t49;
				long _t52;

				_push(_a16);
				_t52 = __ecx;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__ecx);
				E0081FE29(_t41);
				_v12 = 0x3cd3f;
				_v12 = _v12 << 3;
				_v12 = _v12 | 0xc677f757;
				_v12 = _v12 >> 7;
				_v12 = _v12 ^ 0x0188bcff;
				_v20 = 0x40fc9e;
				_v20 = _v20 << 4;
				_v20 = _v20 ^ 0x040306b1;
				_v16 = 0x159e9f;
				_v16 = _v16 + 0xffffd0d5;
				_v16 = _v16 * 0x33;
				_v16 = _v16 ^ 0x04433238;
				_v8 = 0x8a430d;
				_v8 = _v8 + 0xffffdfbc;
				_v8 = _v8 | 0x5356d001;
				_v8 = _v8 + 0x638e;
				_v8 = _v8 ^ 0x53d0144a;
				E0080EB52(__ecx, __ecx, 0x958aafc8, 0x1c3, 0xa2289af1);
				_t49 = RtlAllocateHeap(_a12, _a16, _t52); // executed
				return _t49;
			}










                                                                                                          0x00816491
                                                                                                          0x00816494
                                                                                                          0x00816496
                                                                                                          0x00816499
                                                                                                          0x0081649c
                                                                                                          0x008164a0
                                                                                                          0x008164a1
                                                                                                          0x008164a6
                                                                                                          0x008164b0
                                                                                                          0x008164b4
                                                                                                          0x008164bb
                                                                                                          0x008164bf
                                                                                                          0x008164c6
                                                                                                          0x008164cd
                                                                                                          0x008164d1
                                                                                                          0x008164d8
                                                                                                          0x008164df
                                                                                                          0x008164fa
                                                                                                          0x008164fd
                                                                                                          0x00816504
                                                                                                          0x0081650b
                                                                                                          0x00816512
                                                                                                          0x00816519
                                                                                                          0x00816520
                                                                                                          0x00816534
                                                                                                          0x00816543
                                                                                                          0x00816549

                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(040306B1,?,ED94606E,?,?,?,?,?,?,?,?,?,?,?), ref: 00816543
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Offset: 00800000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.717011353.0000000000800000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000005.00000002.717035178.0000000000826000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_800000_rundll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          • Opcode ID: f41072fe55694ed81fb5a2d434f63a6d1651ccbd0ba08c91d6bc4f92d8fba8a5
                                                                                                          • Instruction ID: ff7cae2c350f10f4bb541257a4d804c21483172d1102135c806daea6136e8dd0
                                                                                                          • Opcode Fuzzy Hash: f41072fe55694ed81fb5a2d434f63a6d1651ccbd0ba08c91d6bc4f92d8fba8a5
                                                                                                          • Instruction Fuzzy Hash: 2D11F2B2C0121DBBDF05DFA5D9098CEBBB4FB00314F108598E911A6260E3B59B149F91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0081E8B6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 70%
                                                                                                          			E0081E8B6(void* __ecx, void* __edx, intOrPtr _a4, int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _t29;
				void* _t37;

				_push(_a16);
				_push(_a12);
				_push(0);
				_push(_a4);
				_push(0);
				E0081FE29(_t29);
				_v20 = 0xc8e76b;
				_v20 = _v20 | 0x270203a1;
				_v20 = _v20 ^ 0x27c97096;
				_v16 = 0x55aebc;
				_v16 = _v16 >> 2;
				_v16 = _v16 ^ 0x00171a80;
				_v12 = 0xfad6fe;
				_v12 = _v12 ^ 0xd14a4d1d;
				_v12 = _v12 ^ 0xd1b10da7;
				_v8 = 0x428060;
				_v8 = _v8 * 0x54;
				_v8 = _v8 ^ 0x15de1a76;
				E0080EB52(__ecx, __ecx, 0x3c0b385, 0x1bc, 0x1f76e49f);
				_t37 = OpenSCManagerW(0, 0, _a12); // executed
				return _t37;
			}









                                                                                                          0x0081e8bd
                                                                                                          0x0081e8c2
                                                                                                          0x0081e8c5
                                                                                                          0x0081e8c6
                                                                                                          0x0081e8ca
                                                                                                          0x0081e8cb
                                                                                                          0x0081e8d0
                                                                                                          0x0081e8da
                                                                                                          0x0081e8e1
                                                                                                          0x0081e8e8
                                                                                                          0x0081e8ef
                                                                                                          0x0081e8f3
                                                                                                          0x0081e8fa
                                                                                                          0x0081e901
                                                                                                          0x0081e908
                                                                                                          0x0081e90f
                                                                                                          0x0081e92a
                                                                                                          0x0081e92d
                                                                                                          0x0081e941
                                                                                                          0x0081e94e
                                                                                                          0x0081e954

                                                                                                          APIs
                                                                                                          • OpenSCManagerW.ADVAPI32(00000000,00000000,27C97096,?,?,?,?,?,?,?,?,?,?,?), ref: 0081E94E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Offset: 00800000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.717011353.0000000000800000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000005.00000002.717035178.0000000000826000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_800000_rundll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: ManagerOpen
                                                                                                          • String ID:
                                                                                                          • API String ID: 1889721586-0
                                                                                                          • Opcode ID: 938ae55f57f10c9ec9f30609793a9938b44550d2e06b30d2dbdd077d207e708c
                                                                                                          • Instruction ID: 8481507c8de43060657666dbceac4cbf4077e0e986b8cb3b02ece97f612d9210
                                                                                                          • Opcode Fuzzy Hash: 938ae55f57f10c9ec9f30609793a9938b44550d2e06b30d2dbdd077d207e708c
                                                                                                          • Instruction Fuzzy Hash: 3C11277190221DFB9B04EFE89D468DFBFB8FF04304F108598E925B2211D3B18B149B91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0081D11A, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E0081D11A() {
				unsigned int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				void* _t39;

				_v24 = _v24 & 0x00000000;
				_v36 = 0x78f5c7;
				_v32 = 0xa12bb9;
				_v28 = 0x4eca09;
				_v8 = 0x8b256f;
				_v8 = _v8 << 0xb;
				_v8 = _v8 ^ 0x4a7d0011;
				_v8 = _v8 >> 9;
				_v8 = _v8 ^ 0x00073d60;
				_v20 = 0x1e549a;
				_v20 = _v20 + 0xffffad33;
				_v20 = _v20 ^ 0x00134b4f;
				_v16 = 0x8dd9dd;
				_v16 = _v16 << 3;
				_v16 = _v16 ^ 0x0460bc3c;
				_v12 = 0x358059;
				_v12 = _v12 + 0xb97b;
				_v12 = _v12 ^ 0x003502df;
				E0080EB52(_t39, _t39, 0x83891850, 0x1c, 0xa2289af1);
				ExitProcess(0);
			}












                                                                                                          0x0081d120
                                                                                                          0x0081d124
                                                                                                          0x0081d12b
                                                                                                          0x0081d132
                                                                                                          0x0081d139
                                                                                                          0x0081d140
                                                                                                          0x0081d144
                                                                                                          0x0081d14b
                                                                                                          0x0081d14f
                                                                                                          0x0081d156
                                                                                                          0x0081d15d
                                                                                                          0x0081d164
                                                                                                          0x0081d16b
                                                                                                          0x0081d172
                                                                                                          0x0081d176
                                                                                                          0x0081d17d
                                                                                                          0x0081d184
                                                                                                          0x0081d18b
                                                                                                          0x0081d1ac
                                                                                                          0x0081d1b6

                                                                                                          APIs
                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 0081D1B6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Offset: 00800000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.717011353.0000000000800000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000005.00000002.717035178.0000000000826000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_800000_rundll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: ExitProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 621844428-0
                                                                                                          • Opcode ID: 67c658d72cc930f45ab36e019061580956781c758de54a32820380ba4476f13f
                                                                                                          • Instruction ID: 7a7056be144821eba662548b5d8d4640c36927004452e958cc1f4dde9f0c2212
                                                                                                          • Opcode Fuzzy Hash: 67c658d72cc930f45ab36e019061580956781c758de54a32820380ba4476f13f
                                                                                                          • Instruction Fuzzy Hash: B01100B1C4030CEBDB44DFE5D94A69EBBB0EB00708F108588D521B6250D3B89A489F91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100024D0, Relevance: 1.4, APIs: 1, Instructions: 115memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • VirtualAlloc.KERNEL32(?,00000000,00001000,00000004), ref: 100025CC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.718878727.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.718868533.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: d2bbee85c6cabd151e34b26d14f83d277689191624d3873c1df0f1bcce928bde
                                                                                                          • Instruction ID: f227e8c1e280d8d0b8d11f9a2f1445d4c625449e48c39147985fdcb30a9e5b67
                                                                                                          • Opcode Fuzzy Hash: d2bbee85c6cabd151e34b26d14f83d277689191624d3873c1df0f1bcce928bde
                                                                                                          • Instruction Fuzzy Hash: FE51E9B4A0010AEFDB04CF94C990AAEB7F1FF48345F248598E905AB345D370EE91CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 0082061D, Relevance: 1.3, APIs: 1, Instructions: 52stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 79%
                                                                                                          			E0082061D(signed int __ecx, WCHAR* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				void* _t44;
				int _t53;
				WCHAR* _t56;

				_push(_a12);
				_t56 = __edx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0081FE29(_t44);
				_v24 = _v24 & 0x00000000;
				_v28 = 0xcd60b7;
				_v12 = 0x7257ab;
				_v12 = _v12 << 0xd;
				_v12 = _v12 + 0x8f69;
				_v12 = _v12 * 0x4c;
				_v12 = _v12 ^ 0x410f7a13;
				_v8 = 0x7b4696;
				_v8 = _v8 + 0xffff4950;
				_v8 = _v8 | 0x2a0f624b;
				_v8 = _v8 * 0x3a;
				_v8 = _v8 ^ 0xa0f3ec54;
				_v20 = 0x8a2161;
				_v20 = _v20 + 0xffff45ea;
				_v20 = _v20 ^ 0x1b6c7fa6;
				_v20 = _v20 ^ 0x1be8dede;
				_v16 = 0xdcc12a;
				_v16 = _v16 + 0xb9f4;
				_v16 = _v16 + 0xffffcfef;
				_v16 = _v16 ^ 0x00d9de04;
				E0080EB52(__ecx, __ecx, 0xb7861dce, 0x3e, 0xa2289af1);
				_t53 = lstrcmpiW(_a4, _t56); // executed
				return _t53;
			}












                                                                                                          0x00820624
                                                                                                          0x00820627
                                                                                                          0x00820629
                                                                                                          0x0082062c
                                                                                                          0x0082062f
                                                                                                          0x00820630
                                                                                                          0x00820631
                                                                                                          0x00820636
                                                                                                          0x0082063d
                                                                                                          0x00820644
                                                                                                          0x0082064b
                                                                                                          0x0082064f
                                                                                                          0x00820667
                                                                                                          0x0082066a
                                                                                                          0x00820671
                                                                                                          0x00820678
                                                                                                          0x0082067f
                                                                                                          0x0082068b
                                                                                                          0x0082068e
                                                                                                          0x00820695
                                                                                                          0x0082069c
                                                                                                          0x008206a3
                                                                                                          0x008206aa
                                                                                                          0x008206b1
                                                                                                          0x008206b8
                                                                                                          0x008206bf
                                                                                                          0x008206c6
                                                                                                          0x008206d9
                                                                                                          0x008206e5
                                                                                                          0x008206eb

                                                                                                          APIs
                                                                                                          • lstrcmpiW.KERNEL32(410F7A13,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 008206E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000005.00000002.717016782.0000000000801000.00000020.00000001.sdmp, Offset: 00800000, based on PE: true
                                                                                                          • Associated: 00000005.00000002.717011353.0000000000800000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000005.00000002.717035178.0000000000826000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_5_2_800000_rundll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: lstrcmpi
                                                                                                          • String ID:
                                                                                                          • API String ID: 1586166983-0
                                                                                                          • Opcode ID: ef59b29d425997034e4fed527bf505b0074c5b4e8b9fa1c114afddacbc91d9b0
                                                                                                          • Instruction ID: 9c6082aaaa6554077280af84e25c809becb243355aa4149750e36c83803453a9
                                                                                                          • Opcode Fuzzy Hash: ef59b29d425997034e4fed527bf505b0074c5b4e8b9fa1c114afddacbc91d9b0
                                                                                                          • Instruction Fuzzy Hash: B02113B1C01309ABCF14DFA9D94A9DEBFB5FB10354F108198E529B6251D3B48B04CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions